This question has also arrisen recently where I work. I suggested putting the local repository of the build machine under version control, so that it can be rolled back to repeat any released build that we create. Hell, we'll probably stick a copy of the jdk, ant, maven, the os, everything we can think of in there too, just to be really sure. I realize that the release management tool can be used to check that no snapshot dependencies are included in a build and to resolve everything to a fixed version number. But there is another problem..
What about poms that use versioning syntax to specify that they can use versions >= a certain version ((e.g. [1.5,) for versions >= 1.5)? My transitive dependencies may include such a pom without me really being aware of it. Then someone uploads version 2, which breaks my build, but I wasn't using snapshots. Do any solutions for this already exist? is it in the pipeline for the release management stuff? Rupert Smith.
