SemsProject / M2CAT

M2CAT is a web based tool to export reproducible research results

Remove the repository configuration from the pom

FreakyBytes opened this issue · comments

Trac Ticket #8

component: code
owner: somebody
reporter: martin
created: 2016-06-09 17:12:34
milestone:
type: task
version:
keywords:

The current pom.xml advises maven to download content from 3rd party servers! Could you please remove that? These things need to go into the user's maven settings, so that users are aware of the data leak and that they are required to decide whether they trust a certain source.

So please get rid of the whole subtree:

{{{
#!xml


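<repository>
	<id>sems-maven-repository-releases</id>
	<name>SEMS Maven Repo</name>
	<url>http://mvn.sems.uni-rostock.de/releases/</url>
	<layout>default</layout>
	<snapshots>
		<enabled>false</enabled>
	</snapshots>
</repository>
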
<!-- Miriam repository -->

<repository>
	<id>ebi-repo</id>
	<name>The EBI internal repository</name>
	<url>http://www.ebi.ac.uk/~maven/m2repo</url>
	<releases>
		<enabled>true</enabled>
	</releases>
	<snapshots>
		<enabled>false</enabled>
	</snapshots>
</repository>

<repository>
	<id>sems-maven-repository-snapshots</id>
	<name>SEMS Maven Repo</name>
	<url>http://mvn.sems.uni-rostock.de/snapshots/</url>
	<layout>default</layout>
	<releases>
		<enabled>false</enabled>
	</releases>
</repository>

<repository>
	<id>java-public-repo</id>
	<name>Java Maven public</name>
	<url>https://maven.java.net/content/groups/public/</url>
</repository>

<repository>
	<id>Neo4j releases</id>
	<name>Neo4j Releases</name>
	<url>http://m2.neo4j.org/content/repositories/releases</url>
</repository>
}}}

comment 1

time: 2016-09-06 11:47:54
author: martinP

This is simply not possible or feasible, since some libraries are just not available on maven-central.
And forcing the user to edit the system or user config, just so one project compiles, is also not good practice.
Further, since nobody's going to read the notice, the compilation will fail and cause another headache. I found it pointless to use an integrated build and dependency management system like maven, if we are unnecessarily making it more difficult to compile our software.
Everybody using maven should be aware of the fact that this software is downloading code from 3rd parties (just like any other build/package/library manager).
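
Added example, not part of the ticket, its comments, or the M2CAT code base: one way to make the concern in this thread reviewable is to list every download repository a POM declares, with the host the build will contact. It goes slightly beyond the discussion by also flagging plain-HTTP URLs; the function names and the sample POM (modelled on the entries quoted in the ticket) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample POM, modelled on two repositories quoted in the ticket.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <repositories>
    <repository>
      <id>ebi-repo</id>
      <url>http://www.ebi.ac.uk/~maven/m2repo</url>
    </repository>
    <repository>
      <id>java-public-repo</id>
      <url>https://maven.java.net/content/groups/public/</url>
    </repository>
  </repositories>
</project>"""


def local(tag):
    """Strip the XML namespace so POMs with and without xmlns both match."""
    return tag.rsplit("}", 1)[-1]


def declared_repositories(pom_text):
    """Return one dict per download repository declared in the POM."""
    # Stdlib parser: fine for POMs you already build; use defusedxml for untrusted XML.
    root = ET.fromstring(pom_text)
    found = []
    for container in root.iter():
        # Only <repositories>/<pluginRepositories> (top level or inside profiles);
        # <distributionManagement><repository> is a deploy target, not a source.
        if local(container.tag) not in ("repositories", "pluginRepositories"):
            continue
        for repo in container:
            fields = {local(c.tag): (c.text or "").strip() for c in repo}
            url = urlparse(fields.get("url", ""))
            found.append({
                "id": fields.get("id", ""),
                "host": url.hostname or "",
                "cleartext": url.scheme == "http",
            })
    return found


if __name__ == "__main__":
    for r in declared_repositories(SAMPLE_POM):
        print(f'{r["id"]:<20} {r["host"]:<20} {"PLAIN HTTP" if r["cleartext"] else "ok"}')
```
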