Re: Dependence on specific versions
On Feb 10, 2011, at 9:38 PM, Torsten Werner wrote:
> Hi Stefane,
>
>
> On Thu, Feb 10, 2011 at 3:25 PM, Stefane Fermigier <sf@nuxeo.com> wrote:
>> Only by fixing version numbers of third-party libraries can you be sure that the same build that works today will still work next week, if you redo the build on the exact same version of the sources (and Maven, and Java, of course), any operating system.
>
> that sounds good but at least Maven does not really support fixed
> dependencies. Example:
>
> a.jar (0.1) depends on b.jar (0.1)
> c.jar (0.3) depends on b.jar (0.2)
> d.jar (0.4) depends on a.jar (0.1) and c.jar (0.3)
>
> What version of b.jar will be chosen by Maven? 0.1 or 0.2? You cannot
> predict that. Neither a.jar nor c.jar can rely on getting the version
> they want.
>
> That is why the concept of fixed version dependencies is fully broken, sorry.
A lot of things are wrong in Maven, but it this case, you just ask maven to use a fixed version of the dependency in the dependencyManagement section of your POM, and voila.
See our master POM for examples: http://hg.nuxeo.org/nuxeo/file/20953aeee544/pom.xml
S.
--
Stefane Fermigier, Founder and Chairman, Nuxeo
Open Source, Java EE based, Enterprise Content Management (ECM)
http://www.nuxeo.com/ - +33 1 40 33 79 87 - http://twitter.com/sfermigier
Join the Nuxeo Group on LinkedIn: http://linkedin.com/groups?gid=43314
New Nuxeo release: http://nuxeo.com/dm54
"There's no such thing as can't. You always have a choice."
Reply to: