[jira] [Comment Edited] (CASSANDRA-17750) Remove dependency on Maven Ant Tasks

Tue, 23 Aug 2022 10:55:05 -0700 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-17750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17583769#comment-17583769
 ] 

David Capwell edited comment on CASSANDRA-17750 at 8/23/22 5:54 PM:
--------------------------------------------------------------------

Starting commit

CI Results (pending):
||Branch||Source||Circle CI||Jenkins||
|trunk|[branch|https://github.com/dcapwell/cassandra/tree/commit_remote_branch/CASSANDRA-17750-trunk-96419495-920E-4459-AED6-52E4CF36A1AF]|[build|https://app.circleci.com/pipelines/github/dcapwell/cassandra?branch=commit_remote_branch%2FCASSANDRA-17750-trunk-96419495-920E-4459-AED6-52E4CF36A1AF]|[build|https://ci-cassandra.apache.org/job/Cassandra-devbranch/1888/]|



was (Author: dcapwell):
Starting commit

CI Results (pending):
||Branch||Source||Circle CI||Jenkins||
|trunk|[branch|https://github.com/dcapwell/cassandra/tree/commit_remote_branch/CASSANDRA-17750-trunk-96419495-920E-4459-AED6-52E4CF36A1AF]|[build|https://app.circleci.com/pipelines/github/dcapwell/cassandra?branch=commit_remote_branch%2FCASSANDRA-17750-trunk-96419495-920E-4459-AED6-52E4CF36A1AF]|[build|unknown]|


> Remove dependency on Maven Ant Tasks
> ------------------------------------
>
>                 Key: CASSANDRA-17750
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17750
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Build, Dependencies, Packaging
>            Reporter: Abe Ratnofsky
>            Assignee: Abe Ratnofsky
>            Priority: Normal
>             Fix For: 4.x
>
>          Time Spent: 10h 10m
>  Remaining Estimate: 0h
>
> Apache Cassandra depends on Maven Ant Tasks (MAT) during build, for declaring 
> dependencies and generating POM files from within build.xml. MAT has long 
> been retired (no commits since maintenance in 2015), has registered CVEs in 
> dependencies (CVE-2017-1000487), and encourages migration to its successor, 
> Maven Artifact Resolver Ant Tasks (MARAT).
> As part of CASSANDRA-16391 
> <https://issues.apache.org/jira/browse/CASSANDRA-16391>, mck migrated 
> dependency resolution to MARAT, but MAT is still included in our build for 
> generating POMs since MARAT does not have an alternative to the writepom task 
> provided by MAT. I have a patch ready that removes MAT completely, with a 
> workaround for POM generation.
> I am not advocating for any kind of migration away from Ant to an alternative 
> like Gradle or Maven, just to be extra clear.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to