
It doesn't need one, when version is already part of dependency definition.

If you want to be sure of what version you get, use it.



Transitive dependencies are not going to be in your POM file normally, and Maven has a confusing algorithm for resolving them (essentially, first found in a BFS over the dependency tree). And if you do include them, that will silently override transitive dependencies on more recent versions, which is rarely what is wanted.

Yes, you can ask the tool to print them. This is way worse than any of the other systems being discussed, where you can read a file in the repo.
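The resolution rule described in the comment above (first found in a BFS over the dependency tree), as an added example that is not part of the thread: a simplified Python model of nearest-wins mediation that reports when a nearer, older version shadows a newer one. The graph, coordinates and function names are constructed for illustration; scopes, exclusions, dependencyManagement and version ranges are ignored.

```python
from collections import deque

# Constructed sample graph: "group:artifact:version" -> dependencies in declaration order.
GRAPH = {
    "app:app:1.0": ["web:web:2.0", "util:util:1.0"],
    "web:web:2.0": ["json:json:2.9"],
    "util:util:1.0": ["log:log:1.2"],
    "json:json:2.9": ["log:log:1.7"],
    "log:log:1.2": [],
    "log:log:1.7": [],
}

def split(coord):
    """Split 'group:artifact:version' into ('group:artifact', 'version')."""
    ga, _, version = coord.rpartition(":")
    return ga, version

def vkey(version):
    """Numeric sort key for plain dotted versions (assumption: no qualifiers)."""
    return tuple(int(part) for part in version.split("."))

def mediate(graph, root):
    """Nearest-wins model: BFS in declaration order, first version seen per artifact is kept."""
    chosen = {}    # group:artifact -> (version, depth)
    omitted = []   # (group:artifact, omitted_version, kept_version)
    queue = deque((dep, 1) for dep in graph[root])
    while queue:
        coord, depth = queue.popleft()
        ga, version = split(coord)
        if ga in chosen:
            if chosen[ga][0] != version:
                omitted.append((ga, version, chosen[ga][0]))
            continue  # the losing node's own dependencies are not traversed
        chosen[ga] = (version, depth)
        queue.extend((dep, depth + 1) for dep in graph.get(coord, []))
    return chosen, omitted

def downgrades(omitted):
    """Conflicts where the omitted version is newer than the one kept."""
    return [(ga, lost, kept) for ga, lost, kept in omitted if vkey(lost) > vkey(kept)]

if __name__ == "__main__":
    chosen, omitted = mediate(GRAPH, "app:app:1.0")
    for ga, lost, kept in downgrades(omitted):
        print(f"{ga}: kept {kept} (depth {chosen[ga][1]}), omitted newer {lost}")
```

Declaring `log:log:1.2` directly in the root's list puts it at depth 1, so it wins over the transitive 1.7 in the same way.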


It is so hard to redirect the tool output to my-favourite-filename.lock, beyond the skills of the average developer.


One may like it or not, but defaults matter.


Defaults don't change history.


Naming the file .lock does not make it a lockfile. (I can't believe I have to write that sentence. I don't think you're discussing technical details in good faith.)


Of course not, it fixes "... where you can read a file in the repo", because Maven already does everything else anyway.


> Ruby Bundler was the first language / ecosystem to really get dependencies right. AFAIK, they were the first to have a lockfile locking the version of each dependency and a Gemfile with flexible version specification for dependencies,

So other than having a lockfile and having a flexible version specification (and a sensible way to resolve multiple version requests), Maven did "it" first!

... what was "it" again?


Everything.



