tomcat-users mailing list archives

From Christopher Schultz
Subject Re: How safe is using Tomcat code outside of normal distribution (from contributors)?
Date Thu, 21 Apr 2011 21:31:13 GMT

On 4/21/2011 11:20 AM, dunnlow wrote:
> The jar tomcat-jdbc.jar (from
> seems to be what I need.  HOWEVER, I am concerned that this .jar is outside
> the normal apache tomcat distribution.  

It is. Given that it hasn't made it into the main distro, yet, you may
want to treat it as beta-quality.

That said, I trust Filip not to build something that is malicious. There
may be some performance problems or edge cases where the pool fails, but
it's certainly going to be /decent/ beta-quality software :)

> The jar seems very useful, so I assume there is some reason it is not rolled
> into the distribution.

Filip has been working on that component on and off for several years.
He recently returned from an extended leave of absence from the project
and will probably get back into things when he has time.

> Question: How safe (/common) is it to use code from contributors apache
> sites in a production system?

Frankly, I wouldn't do it.

Have you tried the pool that DOES come with Tomcat? It's a re-packaged
commons-dbcp library. There have been lots of complaints about it under
certain conditions but I've found that it meets my needs quite well.

-chris

