Re: Dependence on specific versions
On Feb 10, 2011, at 9:38 PM, Torsten Werner wrote:
> Hi Stefane,
> 
> 
> On Thu, Feb 10, 2011 at 3:25 PM, Stefane Fermigier <sf@nuxeo.com> wrote:
>> Only by fixing version numbers of third-party libraries can you be sure that the same build that works today will still work next week, if you redo the build on the exact same version of the sources (and Maven, and Java, of course), any operating system.
> 
> that sounds good but at least Maven does not really support fixed
> dependencies. Example:
> 
> a.jar (0.1) depends on b.jar (0.1)
> c.jar (0.3) depends on b.jar (0.2)
> d.jar (0.4) depends on a.jar (0.1) and c.jar (0.3)
> 
> What version of b.jar will be chosen by Maven? 0.1 or 0.2? You cannot
> predict that. Neither a.jar nor c.jar can rely on getting the version
> they want.
> 
Actually, you can predict it. Given the above order and no outside influences like a dependencyManagement block in your (parent) pom, it would be 0.1. See http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html for a more detailed explanation on why this is and what surprising results the dependency mediation can have.
If a and c depend on the same part of the API of b and it has changed from .1 to .2, you will be in for either some spectacular failure at run time or some very subtle and hard to notice error in your application behaviour.
Kind regards,
Thomas
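
The mediation discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of Maven's "nearest definition wins, first declaration breaks ties" rule, run on the a/b/c/d graph quoted above. The function names are hypothetical, the graph is constructed from the thread's example, and the model ignores scopes, exclusions and version ranges.

```python
from collections import deque

# Constructed graph mirroring the thread's example.
# (artifact, version) -> dependencies in declaration order.
GRAPH = {
    ("d", "0.4"): [("a", "0.1"), ("c", "0.3")],
    ("a", "0.1"): [("b", "0.1")],
    ("c", "0.3"): [("b", "0.2")],
}


def mediate(graph, root, managed=None):
    """Pick one version per artifact.

    Breadth-first traversal in declaration order gives "nearest wins",
    with the first declaration winning at equal depth. `managed` models a
    dependencyManagement block in the root pom: it overrides the version
    requested for any non-root artifact it names.
    Returns (chosen, dropped); dropped lists every request that lost as
    (artifact, requested, winner, requested_by).
    """
    managed = managed or {}
    chosen, dropped = {}, []
    queue = deque([(root, None)])
    while queue:
        (name, version), parent = queue.popleft()
        if parent is not None:
            version = managed.get(name, version)
        if name in chosen:
            if chosen[name] != version:
                dropped.append((name, version, chosen[name], parent))
            continue  # the loser's own subtree is never visited
        chosen[name] = version
        for dep in graph.get((name, version), []):
            queue.append((dep, name))
    return chosen, dropped


def swapped(graph, root):
    """Same graph with the root's dependency declarations reversed."""
    copy = dict(graph)
    copy[root] = list(reversed(graph[root]))
    return copy


if __name__ == "__main__":
    root = ("d", "0.4")
    print("as declared:  ", mediate(GRAPH, root))
    print("order swapped:", mediate(swapped(GRAPH, root), root))
    print("b managed:    ", mediate(GRAPH, root, managed={"b": "0.2"}))
```

The `dropped` list is the part worth reviewing in a real build: each entry is a library that will run against a version of `b` it did not ask for.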