And, for the record, I have had to make the "for the suits" speech
about Maven and especially transitive dependencies nearly a dozen
times in the last month.  It's a common question and given Graham's
concern that is clearly mirrored by many others, probably deserves at
least a paragraph or 2 in the docs somewhere.

On 6/30/06, Mykel Alvis <[EMAIL PROTECTED]> wrote:
It's like anything in the pom.  It documents the needs of the project.

If there were no transitive dependencies, how would you know what the
implicit transitive dependencies were?  Whether you like the method or
not, the transitive dependencies exist, and the method in m2 beats out
a "Requires the following libraries to build/deploy" section in a
readme.txt. :)

If nothing else, it's a means for documenting those dependencies.
Maven's pom.xml is not the build equivalent of a simple Windows-ish
Installshield file for code.  It's a schematic for a build, with the
implication that there's a piece of grey meat ultimately directing
that effort.

On 6/30/06, Graham Lea <[EMAIL PROTECTED]> wrote:
> Thanks, Wendy.
>
> I don't disagree that it's powerful and convenient, and it definitely
> doesn't absolve responsibility.
>
> But that still leaves me unsure as to what the goal of it actually is.
> What do you think is the goal of transitive dependencies?
>
> G.
>
> Wendy Smoak wrote:
>
> > Maven's transitive dependency mechanism is powerful and convenient...
> > but it does not absolve you of the responsibility to be aware of what
> > versions of what libraries you are depending on.
> >
> > (I don't think you disagree... in your original scenarios, you were
> > asking how to deal with a security flaw in a transitive dependency and
> > make sure that you're using the right version.)
> >
> > Maven provides reports to help you see what dependencies you're
> > working with, for example:
> > * http://struts.apache.org/struts-action/struts-core/dependencies.html
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


--

Never wear anything that panics the cat. -- P. J. O'Rourke


