Remove the repository configuration from the pom
FreakyBytes opened this issue · comments
Trac Ticket #8
component: code
owner: somebody
reporter: martin
created: 2016-06-09 17:12:34
milestone:
type: task
version:
keywords:
The current pom.xml
advises maven to download content from 3rd party servers! Could you please remove that. These things need to go into the user's maven settings, so that users are aware of the data leak and that they are required to decide whether they trust a certain source..
So please get rid of the whole subtree:
{{{
#!xml
sems-maven-repository-releases
SEMS Maven Repo
http://mvn.sems.uni-rostock.de/releases/
default
false
<!-- Miriam repository -->
<repository>
<id>ebi-repo</id>
<name>The EBI internal repository</name>
<url>http://www.ebi.ac.uk/~maven/m2repo</url>
<releases>
<enabled>true</enabled>
</releases>
<snapshots>
<enabled>false</enabled>
</snapshots>
</repository>
<repository>
<id>sems-maven-repository-snapshots</id>
<name>SEMS Maven Repo</name>
<url>http://mvn.sems.uni-rostock.de/snapshots/</url>
<layout>default</layout>
<releases>
<enabled>false</enabled>
</releases>
</repository>
<repository>
<id>java-public-repo</id>
<name>Java Maven public</name>
<url>https://maven.java.net/content/groups/public/</url>
</repository>
<repository>
<id>Neo4j releases</id>
<name>Neo4j Releases</name>
<url>http://m2.neo4j.org/content/repositories/releases</url>
</repository>
comment 1
time: 2016-09-06 11:47:54
author: martinP
This is simply not possible or feasible, since some libraries are just not available on maven-central.
And forcing the user to edit the system or user config, just so one project compiles is also no good practice.
Further since nobody's going to read the notice, the compilation will fail and cause another headache. I found it pointless to use an integrated build and dependency management system like maven, if we unnecessarily making it more difficult to compile our software.
Everybody using maven should be aware of the fact, that this software is downloading code from 3rd parties (just like any other build/package/library manager)