Hey everyone,
With PGP signing support, latest Tycho work and M2E extending PDE so *.target files can refer/use dependencies from Maven Central directly will prefer to use dependencies from Maven Central when updating to new versions of libraries.
This would be done only when we update to a new version of libraries or the dependency we use is no longer available in the latest Orbit build. When Maven Central is not OSGi artifact Orbit will be preferred.
From releng POV it would simply remove the middle man (Orbit/EBR) as Tycho automates what was achieved via EBR as an intermediate step to be part of the regular build.
Extra benefits are:
* Eclipse will no longer ship modified version of upstream release (PGP signature is in p2 metadata and not modifying the jar as jarsigner does)
* Eclipse will not longer ship bundles with symbolic names that do not match upstream developers decision (as it happens with number of Orbit artifacts)
* Version updates could be done in chunks rather than all changes at once to work with latest Orbit
I strongly encourage other projects to take that path too for third party dependencies.
--
Aleksandar Kurtakov
Red Hat Eclipse Team
