maven-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Scholte (JIRA)" <j...@codehaus.org>
Subject [jira] (MENFORCER-51) build failure in case of available updates
Date Wed, 05 Jun 2013 19:29:03 GMT

    [ https://jira.codehaus.org/browse/MENFORCER-51?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=326272#comment-326272
] 

Robert Scholte commented on MENFORCER-51:
-----------------------------------------

Although this may look like a nice feature, there's a potential danger here.
Suppose the latest version of a parent/dependency/plugin introduces a bug, which is exposed
during the build-time of your project, then you can't build/test/package (and release!) it.
Or even worse: the latest version introduces a security-bug at runtime without being noticed.
Once it is in your local repo you're doomed.
In my opinion this should be solved the repository manager. There you should be able to specify
version-ranges which can or cannot be used. When _deploying_ your project, the repository
manager should analyze the pom.xml for blacklisted dependencies/plugins/parents and fail the
deploy in such case.

                
> build failure in case of available updates
> ------------------------------------------
>
>                 Key: MENFORCER-51
>                 URL: https://jira.codehaus.org/browse/MENFORCER-51
>             Project: Maven 2.x Enforcer Plugin
>          Issue Type: Wish
>          Components: Standard Rules
>            Reporter: Tomasz Pik
>
> It would be useful to have a possibility to fail build if there's an update of given
dependency.
> In some way it would 'solve' problem of 'how to depend of latest stable version of my
company parent pom' problem - build would just not pass
> if there's an update.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message