Return-Path: Delivered-To: apmail-geronimo-dev-archive@www.apache.org Received: (qmail 38267 invoked from network); 14 May 2008 00:56:22 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 May 2008 00:56:22 -0000 Received: (qmail 85366 invoked by uid 500); 14 May 2008 00:56:21 -0000 Delivered-To: apmail-geronimo-dev-archive@geronimo.apache.org Received: (qmail 85314 invoked by uid 500); 14 May 2008 00:56:21 -0000 Mailing-List: contact dev-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list dev@geronimo.apache.org Received: (qmail 85303 invoked by uid 99); 14 May 2008 00:56:21 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 May 2008 17:56:21 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 14 May 2008 00:55:34 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 8B8DD234C10F for ; Tue, 13 May 2008 17:55:55 -0700 (PDT) Message-ID: <1879031089.1210726555566.JavaMail.jira@brutus> Date: Tue, 13 May 2008 17:55:55 -0700 (PDT) From: "Donald Woods (JIRA)" To: dev@geronimo.apache.org Subject: [jira] Commented: (GERONIMO-4013) Make our dependency usage the same as maven dependency usage via car-maven-plugin In-Reply-To: <2012276263.1210707355595.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/GERONIMO-4013?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12596591#action_12596591 ] Donald Woods commented on GERONIMO-4013: ---------------------------------------- Patch lso includes some other security work - + > Make our dependency usage the same as maven dependency usage via car-maven-plugin > --------------------------------------------------------------------------------- > > Key: GERONIMO-4013 > URL: https://issues.apache.org/jira/browse/GERONIMO-4013 > Project: Geronimo > Issue Type: Improvement > Security Level: public(Regular issues) > Affects Versions: 2.2 > Reporter: David Jencks > Assignee: David Jencks > Fix For: 2.2 > > Attachments: GERONIMO-4013.diff > > > Right now the car-maven-plugin ignores maven transitive dependencies. One reason for this is that our build is not using our plugins as the "classloader source" of the maven dependencies that are in the plugin poms. If we restructured our build so that the pom dependency graph matched the geronimo classloader graph then perhaps we could let the car-maven-plugin follow transitive dependencies, thus making our view of dependencies pretty much the same as maven's. > This may show up many other problems, such as too many badly scoped dependencies in all sorts of projects we use. > One first step is to try out the car-maven-plugin with a flag for following transitive dependencies. As long as it is false we ought to get pretty much the previous behavior. > A first use could be for the new gshell plugins so they don't have to restate all the transitive dependencies. This may show up scope problems as well. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.