[jira] [Commented] (CASSANDRA-17750) Remove dependency on Maven Ant Tasks

Tue, 12 Jul 2022 17:14:25 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-17750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17566075#comment-17566075
 ] 

Abe Ratnofsky commented on CASSANDRA-17750:
-------------------------------------------

Here's a branch with fixes targeting cassandra-4.1: 
[https://github.com/apache/cassandra/compare/cassandra-4.1...aratno:cassandra:CASSANDRA-17750-remote-maven-ant-tasks]

 

[~dcapwell] and [~mck] would you be able to take a look?

 

I've tested that builds still succeed, and this commit reflects what I've 
changed in the POMs from what is generated by ant _write-poms: 
[https://github.com/aratno/cassandra/commit/f80da9bc67a468c2b89d4c9d02464a34715642f8]

> Remove dependency on Maven Ant Tasks
> ------------------------------------
>
>                 Key: CASSANDRA-17750
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17750
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Build, Dependencies, Packaging
>            Reporter: Abe Ratnofsky
>            Assignee: Abe Ratnofsky
>            Priority: Normal
>              Labels: patch-pending
>             Fix For: 4.x
>
>
> Apache Cassandra depends on Maven Ant Tasks (MAT) during build, for declaring 
> dependencies and generating POM files from within build.xml. MAT has long 
> been retired (no commits since maintenance in 2015), has registered CVEs in 
> dependencies (CVE-2017-1000487), and encourages migration to its successor, 
> Maven Artifact Resolver Ant Tasks (MARAT).
> As part of CASSANDRA-16391 
> <https://issues.apache.org/jira/browse/CASSANDRA-16391>, mck migrated 
> dependency resolution to MARAT, but MAT is still included in our build for 
> generating POMs since MARAT does not have an alternative to the writepom task 
> provided by MAT. I have a patch ready that removes MAT completely, with a 
> workaround for POM generation.
> I am not advocating for any kind of migration away from Ant to an alternative 
> like Gradle or Maven, just to be extra clear.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to