On Feb 10, 2011, at 9:38 PM, Torsten Werner wrote:

> Hi Stefane,
> 
> 
> On Thu, Feb 10, 2011 at 3:25 PM, Stefane Fermigier <[email protected]> wrote:
>> Only by fixing version numbers of third-party libraries can you be sure that 
>> the same build that works today will still work next week, if you redo the 
>> build on the exact same version of the sources (and Maven, and Java, of 
>> course), any operating system.
> 
> that sounds good but at least Maven does not really support fixed
> dependencies. Example:
> 
> a.jar (0.1) depends on b.jar (0.1)
> c.jar (0.3) depends on b.jar (0.2)
> d.jar (0.4) depends on a.jar (0.1) and c.jar (0.3)
> 
> What version of b.jar will be chosen by Maven? 0.1 or 0.2? You cannot
> predict that. Neither a.jar nor c.jar can rely on getting the version
> they want.
> 
> That is why the concept of fixed version dependencies is fully broken, sorry.

A lot of things are wrong in Maven, but in this case, you just ask Maven to use 
a fixed version of the dependency in the dependencyManagement section of your 
POM, and voila.

See our master POM for examples: 
http://hg.nuxeo.org/nuxeo/file/20953aeee544/pom.xml

  S.

-- 
Stefane Fermigier, Founder and Chairman, Nuxeo
Open Source, Java EE based, Enterprise Content Management (ECM)
http://www.nuxeo.com/ - +33 1 40 33 79 87 - http://twitter.com/sfermigier
Join the Nuxeo Group on LinkedIn: http://linkedin.com/groups?gid=43314
New Nuxeo release: http://nuxeo.com/dm54
"There's no such thing as can't. You always have a choice."
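
The a/b/c/d case from the quoted message, with b.jar pinned through dependencyManagement as the reply describes. This is an added example, not part of the original thread or of the Nuxeo POM; the `org.example` groupId and the choice of 0.2 as the pinned version are assumptions.

```xml
<!-- Hypothetical POM for d.jar (0.4); all coordinates are constructed for illustration -->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId>
  <artifactId>d</artifactId>
  <version>0.4</version>

  <!-- Without this section Maven mediates the b.jar conflict by "nearest
       definition", with declaration order breaking ties. An entry here
       overrides that mediation for direct and transitive uses alike. -->
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.example</groupId>
        <artifactId>b</artifactId>
        <version>0.2</version> <!-- the one version of b.jar every path gets -->
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <!-- a.jar 0.1 declares b.jar 0.1; the managed version replaces it -->
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>a</artifactId>
      <version>0.1</version>
    </dependency>
    <!-- c.jar 0.3 declares b.jar 0.2, which matches the managed version -->
    <dependency>
      <groupId>org.example</groupId>
      <artifactId>c</artifactId>
      <version>0.3</version>
    </dependency>
  </dependencies>
</project>
```

Running `mvn dependency:tree -Dverbose` on such a project shows which version of b.jar was selected on each path and which declarations were overridden.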

