incubator-cassandra-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stephen Connolly <stephen.alan.conno...@gmail.com>
Subject Re: Inconsistent dependencies
Date Wed, 25 Apr 2012 08:00:46 GMT
On 25 April 2012 08:39, Matthias Pfau <pfau@l3s.de> wrote:

> Hi there,
> yesterday, we noticed that cassandra is currently published with
> inconsistent dependencies. The inconsistencies exist between the published
> pom and the published distribution (tar.gz).
>
> This is a serious issue for us as we are using pom dependencies for
> development/testing and a tarball distribution for production.
>
> I have read https://issues.apache.org/**jira/browse/CASSANDRA-850<https://issues.apache.org/jira/browse/CASSANDRA-850>and
understood that you version all runtime dependencies in lib/ because
> you have to update license files manually and therefore see no benefit in
> using ivy.
>

Not using ivy any more, switched to Maven ANT tasks.... but same difference.


>
> However, I would like to make the following proposals for solving the
> described issue:
> a.) don't put everything from lib/ on the compile classpath but rather
> each library individually. Extract the versions into constants that are
> used to put the jars from lib/ onto the classpath and to generate a
> consistent pom.
>

Makes some occasionally invalid assumptions about lib folder versioning and
maven repo versioning.


> b.) go a step back and don't version any jars in lib/ but automate the
> retrieval of license files (would do this for you, if needed)
>

I'd be interested in seeing what reaction you get to this... I suggested it
a while back, but got nowhere


> c.) create a fat-jar of all dependencies or relabel all dependencies and
> publish them to the maven repo, too
>

God no. not c)


>
> What do you think?
>
> I am also interested in knowing what you do to workaround this problem!
> And if it is not a problem for you, please tell me why...
>

Every so often, I get some cycles free and I check the pom for being valid
and push patches to the C* devs. I haven't had many cycles in the 1.0.x
suite of releases. the 0.8.x set should be fairly close, I think only 1 or
2 releases escaped with different dependencies. Also, for 1 or 2
dependencies, they are exactly the same but the checksums differ due to
timestamp changes, a deep diff of the bytecode reveals that the
dependencies are effectively the same. Due to having bigger fish to fry,
for those deps I have not bothered fighting to get the lib version changed.

In general, maintaining the pom is something that can fall off the C* devs
radar... in part because some of the devs are not interested in generating
poms (I suspect as a result of being burned by some of the woefully bad
maven builds I have seen some people force on people [virtually looks at
co-worker and shakes head]) and in part because most of the devs are not
"Maven" people and so do not fully grok the pom itself.

I will take a quick look and see if I can push a patch, sylvain or jonathan
are usually happy to apply them for me.


>
> Kind regards
> Matthias
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message