Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [tycho-user] Tycho and dependencyManagement



On 12-04-13 7:51 AM, Max Rydahl Andersen wrote:

The only reason why it is bad to have repositories listed
directly in your pom.xml is that maven has this
brilliant/bad/weird idea that anyone that depend on such a pom
also need to get that repository added into their build - its
basically "leaking" in the build details of how projext X was
built into projext Y which is just *using* not building project
X.


Ummm... I am pretty sure Maven will handle such indirectly
configured repositories correctly.

How ? afaik, it will use *all* repositories defined in my and any
transitive dependent projects to try and resolve dependencies which
causes nondeterministic resolution.

Thats at least what
http://www.sonatype.com/people/2009/02/why-putting-repositories-in-your-poms-is-a-bad-idea/
talks about and what i've seen everytime I've used projects that had
repositories listed in their pom's.


Maven is expected to scope <repository> elements defined in pom.xml to
resolve dependencies of that pom.xml only. Project-local repositories
should not leak.

Unless you use mirrorOf=* (or external:*) in settings.xml, which is
exactly the reason I avoid mirrorOf.

Afaik this is the only way to actually work around this problem of
foreign repositories get into your build ? do you know of something
better ? :)


yes, https://github.com/etesla/nexus-mirror-selector ;-)

--
Regards,
Igor


Back to the top