Real world example: WebLogic delivers webserviceclient+ssl.jar.
It is no problem to create a POM file for this artifact with as "weblogic:webserviceclient+ssl:18.104.22.168" and deploy this with the prepared POM into the repository. It is also no problem to deploy artifacts with a prepared POM that declare a dependency to this artifact. However, if this artifact is declared as direct dependency to a project the build fails immediately with :
and worse, if the artifact is a transitive dep, you only get a non-explaining warning and all other dependencies of the "transitive artifact" are dropped:
The deploy plugin has to validate the (also a generated) POM before deploying an artifact with deploy:deploy-file.
BTW: I suppose the install plugin has the same issue with install:install-file. However, I also suppose the code is shared