[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [tycho-user] Tycho and dependencyManagement



On 12-04-13 7:51 AM, Max Rydahl Andersen wrote:

The only reason why it is bad to have repositories listed directly in your pom.xml is that maven has this brilliant/bad/weird idea that anyone that depend on such a pom also need to get that repository added into their build - its basically "leaking" in the build details of how projext X was built into projext Y which is just *using* not building project X.


Ummm... I am pretty sure Maven will handle such indirectly configured repositories correctly.

How ? afaik, it will use *all* repositories defined in my and any transitive dependent projects to try and resolve dependencies which causes nondeterministic resolution.

Thats at least what
http://www.sonatype.com/people/2009/02/why-putting-repositories-in-your-poms-is-a-bad-idea/
talks about and what i've seen everytime I've used projects that had
repositories listed in their pom's.


Maven is expected to scope <repository> elements defined in pom.xml to resolve dependencies of that pom.xml only. Project-local repositories should not leak.

Unless you use mirrorOf=* (or external:*) in settings.xml, which is
exactly the reason I avoid mirrorOf.

Afaik this is the only way to actually work around this problem of foreign repositories get into your build ? do you know of something better ? :)


yes, https://github.com/etesla/nexus-mirror-selector ;-)

--
Regards,
Igor