On Tue, Jul 16, 2024 at 8:48 AM Jeff Jirsa <jji...@gmail.com> wrote:
> if it’s unmaintained, let’s remove it before we’re doing it on fire. > +1 Fire drills are never pleasant. CLI parsing isn't a huge area of personal interest to me. However, it presents a non-trivial attack surface as input processing is a ripe target for vulnerabilities. I don't know if there are vulnerabilities lying around in hiding but if / when they are reported we will need to address them outside of the library or migrate to a maintained library at that time. Neither option is very appealing at that point. So I am of the opinion we should transition to a maintained library with healthy community support. Both picocli and commons-cli have good adoption and community around them.