[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [tycho-user] Tycho and dependencyManagement

On 12-04-13 7:51 AM, Max Rydahl Andersen wrote:

The only reason why it is bad to have repositories listed directly in your pom.xml is that maven has this brilliant/bad/weird idea that anyone that depend on such a pom also need to get that repository added into their build - its basically "leaking" in the build details of how projext X was built into projext Y which is just *using* not building project X.

Ummm... I am pretty sure Maven will handle such indirectly configured repositories correctly.

How ? afaik, it will use *all* repositories defined in my and any transitive dependent projects to try and resolve dependencies which causes nondeterministic resolution.

Thats at least what
talks about and what i've seen everytime I've used projects that had
repositories listed in their pom's.

Maven is expected to scope <repository> elements defined in pom.xml to resolve dependencies of that pom.xml only. Project-local repositories should not leak.

Unless you use mirrorOf=* (or external:*) in settings.xml, which is
exactly the reason I avoid mirrorOf.

Afaik this is the only way to actually work around this problem of foreign repositories get into your build ? do you know of something better ? :)

yes, https://github.com/etesla/nexus-mirror-selector ;-)