elharo
left a comment
Would a BOM have a dependencyManagement section and not a dependencies section?
@elharo (I might not get the implication of your question.) A BOM has a dependencyManagement section. A BOM would not have a dependencies section. The same goes for a parent POM (such as the google-cloud-asset-parent pom.xml). A parent pom may have a dependencyManagement section and would not have a dependencies section.
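Is there a difference between a BOM and a parent POM then? Or could one theoretically be used in place of the other? That is,
- BOMs: have a dependencyManagement section and do not have a dependencies section
- non-BOMs: have a dependencies section. Might have a dependencyManagement section.
Thinking about it, I think the difference between a BOM and a parent pom is how they're imported, not any content in the pom.xml itself. Is that a useful way to think about this?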
Yes, and I agree with your analysis. The difference is only how they’re
imported.
Do you also think this PR checking the name is the best available way to fix
the problem?
(Your comment gave me the idea of checking the “parent” section of all pom
files in the repository to identify parent poms. But it may be overkill if
checking its name suffices.)
On Thu, Feb 25, 2021 at 18:35 Elliotte Rusty Harold <***@***.***> wrote:
Is there a difference between a BOM and a parent POM then? Or could one
theoretically be used in place of the other? That is,
- BOMs: have a dependencyManagement section and do not have a
dependencies section
- non-BOMs: have a dependencies section. Might have a
dependencyManagement section.
Thinking about it, I think the difference between a BOM and a parent pom
is how they're imported, not any content in the pom.xml itself. Is that a
useful way to think about this?
I just saw Stephanie's issue. I'm not sure what the right fix is here. I might need to sleep on this one. Generically, what's the problem with checking a parent pom as we would a BOM? Do we think linkage errors are OK there? I suppose it's possible that the entire set of artifacts is never used together, but that's true for any BOM.
To implement it as reading a file that lists artifacts.
Fixes #1958.
@elharo Can you think of a better way than checking "-bom" to distinguish a BOM from a non-BOM?
The gax-java repository is a Gradle project and the repository does not have pom.xml files for its artifacts (gax, gax-httpjson, gax-grpc). This is the background of Linkage Monitor to read content of a BOM #1920.