The one that talks, the one that does!

In the blog post “Why Putting Repositories in your POMs is a Bad Idea”, Sonatype “asked” the open source community to manage their Maven2 POM files correctly. This is a good and important request, since Maven will not work correctly:

  • Over time (due to URL changes)
  • In a closed environment (no direct access to the Internet from a developer machine)
  • Because it bypasses the repository manager of your choice (Nexus, Archiva, or Artifactory) when resolving dependencies; this is the most important one.

We are facing this problem with almost every customer that uses Maven, and most of them are using the lazy and dirty “mirrorOf” solution. The blog argues that mirroring all Maven requests to a single URL is a good idea; we know it is a bad idea, as it completely takes away your control over isolating the sources for releases, snapshots, and plug-ins!

There is, however, a dramatic sentence in the blog about POM files coming from Open Source projects (it actually applies to everyone):
“The entries you have defined will be burned forever into your released POMs.”
It sounds like Maven is broken by design and forever, because of all the bad POM files that already exist out there.

Since we support our customers, and they are suffering from actions that are not under their control, we decided to fix it.

In the latest version of Artifactory (2.1.3), there is now a new feature: automatic cleanup of remote repositories declared in POMs.
You can now configure any virtual repository to automatically clean up rogue remote repositories declared in POM files.

By default, Artifactory will do it for repositories and plug-in repositories directly declared under the project POM entity, or declared inside an active-by-default profile. You can enforce a deeper cleanup that removes all repository and plug-in repository declarations in all profiles.
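The cleanup behaviour described above, as an added Python illustration (not Artifactory's own code): it strips `<repositories>` and `<pluginRepositories>` from the project level and from active-by-default profiles, and from every profile when `deep=True`. The sample POM and its URLs are constructed for the example.

```python
# Added example: simulates the POM cleanup the post describes. Default mode removes
# repository blocks at project level and in active-by-default profiles; deep mode
# removes them from every profile. Illustration only, not Artifactory's implementation.
import xml.etree.ElementTree as ET

NS = "http://maven.apache.org/POM/4.0.0"
ET.register_namespace("", NS)

def q(tag):
    return f"{{{NS}}}{tag}"

def _strip_repo_blocks(parent):
    """Remove <repositories> and <pluginRepositories> children of `parent`."""
    removed = 0
    for tag in ("repositories", "pluginRepositories"):
        for child in parent.findall(q(tag)):
            parent.remove(child)
            removed += 1
    return removed

def _profile_is_active_by_default(profile):
    flag = profile.find(f"{q('activation')}/{q('activeByDefault')}")
    return flag is not None and (flag.text or "").strip().lower() == "true"

def clean_pom(pom_xml, deep=False):
    """Return (cleaned_xml, number_of_removed_blocks)."""
    root = ET.fromstring(pom_xml)
    removed = _strip_repo_blocks(root)
    for profile in root.findall(f"{q('profiles')}/{q('profile')}"):
        if deep or _profile_is_active_by_default(profile):
            removed += _strip_repo_blocks(profile)
    return ET.tostring(root, encoding="unicode"), removed

SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <repositories><repository><id>rogue</id><url>http://repo.example.invalid/m2</url></repository></repositories>
  <pluginRepositories><pluginRepository><id>rogue-plugins</id><url>http://repo.example.invalid/m2</url></pluginRepository></pluginRepositories>
  <profiles>
    <profile><id>default-on</id><activation><activeByDefault>true</activeByDefault></activation>
      <repositories><repository><id>p1</id><url>http://repo.example.invalid/p1</url></repository></repositories></profile>
    <profile><id>opt-in</id>
      <repositories><repository><id>p2</id><url>http://repo.example.invalid/p2</url></repository></repositories></profile>
  </profiles>
</project>"""
if __name__ == "__main__":
    for deep in (False, True):
        cleaned, n = clean_pom(SAMPLE_POM, deep=deep)
        print(f"deep={deep}: removed {n} block(s); repositories left: {'<repositories>' in cleaned}")
```

Running it shows the default mode leaving the opt-in profile's declaration in place, which is exactly the case the deeper cleanup option exists for.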

Using Artifactory as your repository manager means that you will never get “burnt forever” by innocent mistakes made in the POM files of nice, popular Open Source projects.

“The one that talks, the one that does!”