BUT in this case the latest version of the Sonar plugin would be taken. As soon as Sonar 2.6 would be released, Maven would automatically use the plugin in version 2.6. If you don't plan to upgrade your Sonar server, it will fail. The answer to this problem is already well-known: define all versions of your plugins in the pom. So you would add:
<plugin> <groupId>org.codehaus.sonar</groupId> <artifactId>sonar-maven-plugin</artifactId> <version>2.5</version> </plugin>
in all pom (or in corporate pom). And you would have to update your projects each time you are updating sonar server. Very annoying but that's not all.
What if you have an integration/acceptance/pre-production instance of Sonar in version 2.5, and a production version in version 2.4? You can't analyse the same project with the two instances because you have fixed the version of the sonar plugin to version 2.5 in the pom. You may finally make it works with external properties or any other ugly hack.