> I want to pin versions of dependencies (and dependencies-of-dependencies) so my builds are repeatable
That's by default in Maven - you have to do something really stupid to get non-repeatable builds (usually involves specifying open version ranges or some weird plugin magic).
> everyone who's forked my git repo can still build the code if the Maven URLs for the deps have gone out of business
One of the main advantages of Maven is just the opposite of that - you don't have to bundle your dependencies and get them to other people - they can just ask Maven to fetch them. And Maven is not going away.
> That's by default in Maven - you have to do something really stupid to get non-repeatable builds
I think they changed it now, but for years the default behaviour was to get the latest versions of every plugin, making builds non-repeatable by default.
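Added example, not part of the thread or any commenter's code: a small audit that flags the two causes of non-repeatable builds raised above, open version ranges and plugins declared without a version, plus `LATEST`/`RELEASE` metaversions and snapshots. The sample POM, its `com.example` coordinates and the function names are constructed for illustration; the script reads a single POM, so a version supplied by a parent POM or a management section is reported as undeclared.

```python
import re
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
# Constructed sample POM (not from the thread): one pinned dependency,
# one open range, one snapshot, one plugin without a version.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.example</groupId><artifactId>demo</artifactId><version>1.0.0</version>
  <dependencies>
    <dependency><groupId>com.example</groupId><artifactId>pinned</artifactId><version>2.3.1</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>ranged</artifactId><version>[1.0,2.0)</version></dependency>
    <dependency><groupId>com.example</groupId><artifactId>snap</artifactId><version>1.4-SNAPSHOT</version></dependency>
  </dependencies>
  <build><plugins>
    <plugin><groupId>com.example</groupId><artifactId>unpinned-plugin</artifactId></plugin>
    <plugin><groupId>com.example</groupId><artifactId>pinned-plugin</artifactId><version>3.1.0</version></plugin>
  </plugins></build>
</project>"""

def classify(version):
    """Return why a version string is not a fixed pin, or None if it is."""
    if version is None or not version.strip():
        return "no version declared"
    v = version.strip()
    if v in ("LATEST", "RELEASE"):
        return "metaversion"
    if v.endswith("-SNAPSHOT"):
        return "snapshot"
    # [1.0] is a hard pin to one version; a comma or parenthesis makes it a range
    if re.fullmatch(r"\[[^,\[\]()]+\]", v):
        return None
    if v[0] in "[(":
        return "version range"
    return None

def audit_pom(pom_text):
    """List (kind, artifactId, reason) for every non-pinned dependency or plugin."""
    root = ET.fromstring(pom_text)
    findings = []
    for kind, path in (("dependency", ".//m:dependency"), ("plugin", ".//m:plugin")):
        for node in root.findall(path, NS):
            artifact = node.findtext("m:artifactId", default="?", namespaces=NS)
            reason = classify(node.findtext("m:version", namespaces=NS))
            if reason:
                findings.append((kind, artifact, reason))
    return findings
```

Running `audit_pom` in CI and failing on any finding keeps a range or an unversioned plugin from slipping into a build that is expected to be reproducible.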