brooklyn-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Richard Downer <rich...@apache.org>
Subject Re: brooklyn-all-[version]-with-dependencies.jar
Date Fri, 17 Apr 2015 08:52:20 GMT
Thanks all - I have removed this in PR
https://github.com/apache/incubator-brooklyn/pull/602.

Svet, regarding jmxmp - I have also considered this in the above PR.
It depended on brooklyn-utils-common, which transitively brought in
many more dependencies. However that was unnecessary, it still
compiles after brooklyn-utils-common has been removed. Therefore it
only has two dependencies, both non-Brooklyn, which are much easier to
manage.

Richard.


On 16 April 2015 at 20:37, Aled Sage <aled.sage@gmail.com> wrote:
> +1
>
> FYI the signed jar problem is for bouncy castle. When the bouncy castle
> security classes are in the with-dependencies jar rather than the original
> signed bouncy castle jar, they are unusable.
>
> Aled
>
>
>
> On 16/04/2015 13:14, Andrea Turli wrote:
>>
>> +1 especially the problem with signed jars is particularly annoying. I
>> think that jar doesn't need to be there.
>>
>> Andrea
>> Il 16/apr/2015 12:35, "Svetoslav Neykov"
>> <svetoslav.neykov@cloudsoftcorp.com>
>> ha scritto:
>>
>>> +1 for removing it.
>>> There's another shaded jar which we still need to keep around though -
>>> jmxmp. Does it really need to depend on Brooklyn?
>>>
>>> Svet.
>>>
>>>
>>>> On 16.04.2015 г., at 12:24, Richard Downer <richard@apache.org> wrote:
>>>>
>>>> All,
>>>>
>>>> Do we still have a use case for brooklyn-all using maven-shade-plugin
>>>> to make a "with-dependencies" jar?
>>>>
>>>> Since we have a well-established binary build now that easily supports
>>>> dropping in user's own libraries of entities, I would think that value
>>>> of this artifact has now dropped.
>>>>
>>>> I'm currently working on embedding correct LICENSE and NOTICE files
>>>> inside the Maven artifacts, and a shaded artifact of this size will
>>>> cause an absolute nightmare in trying to come up with accurate files
>>>> and keep them maintained.
>>>>
>>>> Furthermore, shading breaks signed jars. We have experience of
>>>> BouncyCastle failing in obscure ways when it's been shaded into
>>>> another jar because it's signature is no longer trusted.
>>>>
>>>> Note that I'm *not* proposing removing the brooklyn-all entity - which
>>>> is still a useful Maven meta-dependency for user projects - but I am
>>>> proposing removing the with-dependencies classified artifact.
>>>>
>>>> Any comments?
>>>>
>>>> Cheers
>>>> Richard.
>>>
>>>
>

Mime
View raw message