I do think this is an important issue.
I like the hash idea. A positive side effect of using hashes is that
they can help recover from a bad file transfer. I see hashes for POMs
already. This discussion makes me think they are not used.
One potential downside of incrementing the version number in these cases
is that it could result in a cascade of updates. Consider a
multi-project that produces 5 jars. 4 of the jars depend on the 5th jar.
If the 5th jar got deployed poorly, the operation to fix it should
include updating the version of all 5 jars so that the other 4 point to
the "fixed" 5th jar.
-Max
Wayne Fay wrote:
-Or- like I said in my previous email (and unless I'm mistaken, what I
believe the Maven team is planning on implementing), they should add
hashing of the pom itself and check that file in addition to the
binary jar when looking for and downloading updates.
This is also a reasonable fix to the solution, imo. Especially
considering the "difficulty" related to matching poms with a certain
version tag to binaries with another version tag (ie 1.4.2-rc1 and
-rc2 vs 1.4.2, etc).
Wayne
On 5/19/06, Orjan Austvold <[EMAIL PROTECTED]> wrote:
Daniel Kulp wrote:
> Right. But if an error is detected in a pom, why does the pom have
to be
> updated. For example, if there is a:
>
> foo/1.0/foo-1.0.pom
>
> why can't we do something like Gentoo Linux and leave that alone and
then
> add a:
> foo/1.0-R2/foo-1.0-R2.pom
>
> It's stilll "foo 1.0 as release by the foo developers", but its the R2
> "update" as far as the maven repository is concerned. If the foo
> developers produce a 1.0.1, fine. We create a:
> foo/1.0.1/foo-1.0.1.pom
>
> Thus, existing apps and such that depend on the broken behavior are
OK and
> others can migrate to the "correct" poms as needed.
>
> Anyway, I COMPLETELY agree that stuff put up on ibiblio as a release,
> correct or broken, should stay that way.
>
>
Right on, Daniel! Introduction of non-maven artifacts could adopt the
scheme from Gentoo (or Debian (Ubuntu)) to provide mavenized released in
which versions numbers could document a change made by "Maven" number X.
Every change in a fixed release of the artifact (POM or whatever) would
increase the X.
A release to the repository has to be write-once. If this is not true,
then Maven has to come with a footnote telling everybody to delete their
local repository if a build goes astray.
Ørjan
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
