After reading it I have some more reasons to think that we should do it.

The blog isn't totally against. It says: "The short answer is: settings. The long answer is: it depends."

The main reason that they identify is that " The entries you have defined will be burned forever into your released POMs. This means that, should the URLs change down the road, anyone consuming your POMs will face these broken URLs and have to track down the new ones manually."

For our products we have the obligation to keep it for 5 years, so we already can't change the repo URL. Plus the fact that our quickstarts are not available through the Maven Central.

The blog itself also says: " If you are exposing your source and want to make it easy for others to build, then consider adding a repository entry to your POM, but don’t pick a URL lightly, think long-term, and use a URL that will always be under your control. If your URL has to change down the road, make sure that you will always be able to track 404s and write the appropriate mod_rewrite rules to ensure that future builds will be able to find the appropriate artifacts."

 Maybe I can be trying to convince myself, but what we're trying to achieve is "exposing your our source and want to make it easy for others to build"

Em 8/27/14, 8:52, Sande Gilda escreveu:
This was the email discussing the cons....


-------- Original Message --------
Subject: Re: Maven Configuration - preferred method
Date: Thu, 26 Apr 2012 18:50:57 +0200
From: Max Rydahl Andersen <max.andersen@redhat.com>
To: Sande Gilda <sgilda@redhat.com>
CC: Burr Sutter <bsutter@redhat.com>, Pete Muir <pmuir@redhat.com>, Paul Gier <pgier@redhat.com>, jboss-developer-usability-internal@redhat.com 


> I have inherited some Maven configuration documentation and am trying to verify a statement that was made in a topic on how to configure the project POM file to use the JBoss EAP Maven Repository.
> 
> It basically says: 
> "Red Hat recommends configuring the Maven repository in your project's pom.xml file so the configuration applies regardless of where the project is built." 
> This is as opposed to using the Maven settings.

This recommendation is broken standing on its own.

Read: http://www.sonatype.com/people/2009/02/why-putting-repositories-in-your-poms-is-a-bad-idea/

We don't even do this for our own products and with good reasons.

I know some projects do still do this but it has to be done very carefully.

All the arguments is in the blog from Sonatype.

Thus in my opinion we should say something like:

"Red Hat recommends configuration the Maven repository in your settings.xml and only place the repositories in your pom.xml if you understand the consequence of doing so, see <linktosontaypeblog>"
"For a team the simplest way is to host the maven repository on a shared webserver or use a repository manager such as Nexus or Artifactory and use these settings in their ~/.m2/settings.xml"

> Here are my questions:
> 	• Is the really the preferred and recommended configuration? This would only work if the repository is stored on a shared server. If the repository is installed on the local file system, this wouldn't work.

Yes, exactly.

> 	• For distributed development, it seems like it limits what a developer can do to optimize the build process.

Yup.

plus if the customer is putting this into  a pom that is referred to by other projects he can actually "inject" this repository into other users/customers builds which expect their builds to use nothing but their hosted repository.

> What should we be recommending here? Maven settings or project POM? Or does it just depend? Should we be recommending anything?