10:50 a.m.
Hi,
One of the requirement to get added on the start.spring.io website is to
have BOMs and that is what we did. But now they are reviewing our request
and I got this as remark :
"
The version.keycloak version in your bom doesn't look right to me. If you
import a bom of version A.B.C it makes no sense to ask for D.E.F. (a
dependency may have been added/remove in that version). I'd rather
hard-code the version in each dependency (that will be updated by the
release process the same way as the property anyway). Also, that bom is a
child of your main pom which is usually a bad idea. I can see that you have
a repositories definition there that is going to pollute the Maven build.
Worse, you inherit from the dependency management of the whole
infrastructure (including Jackson, log4j and a bunch of 3rd party
libraries). We can't accept a bom that does that as it conflicts with
Spring Boot's dependency management.
"
Does that make all sense to you ? TBH I'm not a BOM expert but looks like
it make sense (at least for not using the keycloak parent pom)
2:35 a.m.
Makes sense. Here's fix:
https://github.com/keycloak/keycloak/pull/3942
On 10 March 2017 at 17:50, Sebastien Blanc <sblanc(a)redhat.com> wrote:
Hi,
One of the requirement to get added on the start.spring.io website is to
have BOMs and that is what we did. But now they are reviewing our request
and I got this as remark :
"
The version.keycloak version in your bom doesn't look right to me. If you
import a bom of version A.B.C it makes no sense to ask for D.E.F. (a
dependency may have been added/remove in that version). I'd rather
hard-code the version in each dependency (that will be updated by the
release process the same way as the property anyway). Also, that bom is a
child of your main pom which is usually a bad idea. I can see that you have
a repositories definition there that is going to pollute the Maven build.
Worse, you inherit from the dependency management of the whole
infrastructure (including Jackson, log4j and a bunch of 3rd party
libraries). We can't accept a bom that does that as it conflicts with
Spring Boot's dependency management.
"
Does that make all sense to you ? TBH I'm not a BOM expert but looks like
it make sense (at least for not using the keycloak parent pom)
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2:35 a.m.
Makes sense. Here's fix:
https://github.com/keycloak/keycloak/pull/3942
On 10 March 2017 at 17:50, Sebastien Blanc <sblanc(a)redhat.com> wrote:
Hi,
One of the requirement to get added on the start.spring.io website is to
have BOMs and that is what we did. But now they are reviewing our request
and I got this as remark :
"
The version.keycloak version in your bom doesn't look right to me. If you
import a bom of version A.B.C it makes no sense to ask for D.E.F. (a
dependency may have been added/remove in that version). I'd rather
hard-code the version in each dependency (that will be updated by the
release process the same way as the property anyway). Also, that bom is a
child of your main pom which is usually a bad idea. I can see that you have
a repositories definition there that is going to pollute the Maven build.
Worse, you inherit from the dependency management of the whole
infrastructure (including Jackson, log4j and a bunch of 3rd party
libraries). We can't accept a bom that does that as it conflicts with
Spring Boot's dependency management.
"
Does that make all sense to you ? TBH I'm not a BOM expert but looks like
it make sense (at least for not using the keycloak parent pom)
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
2:35 a.m.
Makes sense. Here's fix:
https://github.com/keycloak/keycloak/pull/3942
On 10 March 2017 at 17:50, Sebastien Blanc <sblanc(a)redhat.com> wrote:
Hi,
One of the requirement to get added on the start.spring.io website is to
have BOMs and that is what we did. But now they are reviewing our request
and I got this as remark :
"
The version.keycloak version in your bom doesn't look right to me. If you
import a bom of version A.B.C it makes no sense to ask for D.E.F. (a
dependency may have been added/remove in that version). I'd rather
hard-code the version in each dependency (that will be updated by the
release process the same way as the property anyway). Also, that bom is a
child of your main pom which is usually a bad idea. I can see that you have
a repositories definition there that is going to pollute the Maven build.
Worse, you inherit from the dependency management of the whole
infrastructure (including Jackson, log4j and a bunch of 3rd party
libraries). We can't accept a bom that does that as it conflicts with
Spring Boot's dependency management.
"
Does that make all sense to you ? TBH I'm not a BOM expert but looks like
it make sense (at least for not using the keycloak parent pom)
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
3151
days inactive
3154
days old
3 comments
2 participants
participants (2)
-
Sebastien Blanc -
Stian Thorgersen