incubator-cassandra-dev mailing list archives

From Stephen Connolly
Subject Re: Inconsistent dependencies
Date Wed, 25 Apr 2012 08:00:46 GMT
On 25 April 2012 08:39, Matthias Pfau wrote:

> Hi there,
> yesterday, we noticed that cassandra is currently published with
> inconsistent dependencies. The inconsistencies exist between the published
> pom and the published distribution (tar.gz).
> This is a serious issue for us as we are using pom dependencies for
> development/testing and a tarball distribution for production.
> I have read jira/browse/CASSANDRA-850 and
> understood that you version all runtime dependencies in lib/ because
> you have to update license files manually and therefore see no benefit in
> using ivy.

Not using ivy any more, switched to Maven ANT tasks.... but same difference.

> However, I would like to make the following proposals for solving the
> described issue:
> a.) don't put everything from lib/ on the compile classpath but rather
> each library individually. Extract the versions into constants that are
> used to put the jars from lib/ onto the classpath and to generate a
> consistent pom.

Makes some occasionally invalid assumptions about lib folder versioning and
maven repo versioning.

> b.) go a step back and don't version any jars in lib/ but automate the
> retrieval of license files (would do this for you, if needed)

I'd be interested in seeing what reaction you get to this... I suggested it
a while back, but got nowhere.

> c.) create a fat-jar of all dependencies or relabel all dependencies and
> publish them to the maven repo, too

God no. Not c)

> What do you think?
> I am also interested in knowing what you do to workaround this problem!
> And if it is not a problem for you, please tell me why...

Every so often, I get some cycles free and I check the pom for being valid
and push patches to the C* devs. I haven't had many cycles in the 1.0.x
suite of releases. The 0.8.x set should be fairly close, I think only 1 or
2 releases escaped with different dependencies. Also, for 1 or 2
dependencies, they are exactly the same but the checksums differ due to
timestamp changes; a deep diff of the bytecode reveals that the
dependencies are effectively the same. Due to having bigger fish to fry,
for those deps I have not bothered fighting to get the lib version changed.

In general, maintaining the pom is something that can fall off the C* devs'
radar... in part because some of the devs are not interested in generating
poms (I suspect as a result of being burned by some of the woefully bad
maven builds I have seen some people force on people [virtually looks at
co-worker and shakes head]) and in part because most of the devs are not
"Maven" people and so do not fully grok the pom itself.

I will take a quick look and see if I can push a patch, Sylvain or Jonathan
are usually happy to apply them for me.

> Kind regards
> Matthias
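
The message above mentions jars whose checksums differ only because of timestamps. As an added example (not code from the thread or from the Cassandra project), this Python sketch compares two jars entry by entry on uncompressed content, so zip timestamp metadata is ignored; the jar contents and entry names are constructed, and treating a per-entry byte comparison as the "deep diff" is an assumption.

```python
import hashlib
import io
import zipfile

def entry_digests(jar_bytes):
    """Map entry name -> SHA-256 of its uncompressed bytes (zip metadata ignored)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}

def deep_diff(jar_a, jar_b):
    """Report entries missing on one side or whose content differs."""
    a, b = entry_digests(jar_a), entry_digests(jar_b)
    return {
        "only_in_a": sorted(a.keys() - b.keys()),
        "only_in_b": sorted(b.keys() - a.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }

def same_content(jar_a, jar_b):
    """True when both jars hold the same entry names with identical bytes."""
    return not any(deep_diff(jar_a, jar_b).values())

def build_jar(entries, date_time):
    """Constructed sample input: an in-memory jar whose entries share one timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=date_time), data)
    return buf.getvalue()

# Constructed data: the same class bytes packaged twice, plus one altered copy.
MANIFEST = b"Manifest-Version: 1.0\r\n"
CLASS = b"\xca\xfe\xba\xbe" + b"constructed class body"
NAMES = ("META-INF/MANIFEST.MF", "org/example/Foo.class")
LIB_JAR = build_jar(dict(zip(NAMES, (MANIFEST, CLASS))), (2012, 1, 10, 9, 0, 0))
REPO_JAR = build_jar(dict(zip(NAMES, (MANIFEST, CLASS))), (2012, 3, 2, 17, 30, 0))
ALTERED_JAR = build_jar(dict(zip(NAMES, (MANIFEST, CLASS + b"!"))), (2012, 1, 10, 9, 0, 0))

if __name__ == "__main__":
    for label, other in (("repo", REPO_JAR), ("altered", ALTERED_JAR)):
        whole_file_match = hashlib.sha256(LIB_JAR).digest() == hashlib.sha256(other).digest()
        print(label, "whole-file checksum equal:", whole_file_match)
        print(label, "entry-level diff:", deep_diff(LIB_JAR, other))
```

A manifest that records a build date will show up under `changed`, so a difference confined to `META-INF/MANIFEST.MF` needs a manual look rather than being treated as equivalent.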
