Howdy, locking the plugin versions is considered (and communicated) as "best practice" since 2009 (since Maven 3 appeared).
Otherwise, you get plugin versions that are coming from the lifecycle in the _used_ maven version, and if you use one version, and somebody else some other version, plugins versions are mixed up. Moreover, we still have "fairly recent" Maven versions that are running 2.x plugins (!) So you want to undo the best practice that was communicated since 2009? Thanks T On Mon, Aug 4, 2025 at 10:39 PM Romain Manni-Bucau <rmannibu...@gmail.com> wrote: > > Hi all, > > We discussed multiple times the plugin version locking but it is an issue > for the ones involved in the default lifecycle since now when you create a > new project you need 50 lines to lock versions (from my window the > convention over configuration became a configuration over anything)...and > then you locked versions so upgrading maven is harder than it was by the > past. > > There is a debate between: > > 1 we need to lock version to get the build deterministic > 2 we shouldn't lock versions and stay aligned on the defaults within maven > > 1 is quite wrong since it also implicitly assume you do not change the > maven version (otherwise it just doesnt work for the same reason you want > to lock plugin versions) but 2 is not 100% perfect since it can hide the > fact you do use another version. > > However we are lucky and have enforcer plugin which does solves it. > > So I wonder if we should revert the version locking warning when pom is > without any build section for default plugins. > > I know a custom extensions can somehow replace a super pom and kind of > solve it but you still need to define it which is still undesired to have a > proper default "convention" setup IMHO. > > Romain Manni-Bucau > @rmannibucau <https://x.com/rmannibucau> | .NET Blog > <https://dotnetbirdie.github.io/> | Blog <https://rmannibucau.github.io/> | > Old > Blog <http://rmannibucau.wordpress.com> | Github > <https://github.com/rmannibucau> | LinkedIn > <https://www.linkedin.com/in/rmannibucau> | Book > <https://www.packtpub.com/en-us/product/java-ee-8-high-performance-9781788473064> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
