Ceki Gülcü wrote:
Alex,
To begin, I am sorry about the hassle this upgrade is causing. Looking
at the Maven repository at ibiblio, it seems that they (ibiblio) are
publishing the pom files without modification [1].
Here are some details about the process for building the jar file for
ibiblio:
- NLOG4J does not use Maven itself,
- The jar file used for the Maven (Ibiblio) upload requests gets
assembled by an Ant build file [2].
- It uses the pom file defined in [3].
[1] http://www.ibiblio.org/maven/org.slf4j/poms/
[2] http://svn.slf4j.org/viewcvs/nlog4j/trunk/ibiblio.xml
[3] http://svn.slf4j.org/viewcvs/nlog4j/trunk/src/pom/project.xml
At this stage I am tempted to simply delete the dependency tags in
NLOG4J's pom file. I could also add a <scope>provided</scope> element
in each appropriate dependency. Which alternative do you think is better?
Hmmm going on a couple days of no sleep here so I might be babbling.
Take my comments with a grain of salt.
If you exclude these dependencies then m2 should not require them to be
present for nlog4j dependent projects: this is the simplest case. WRT
nlog4j dependent projects the net effect is pretty much the same as
marking these dependencies as provided: nlog4j dependent projects would
not include these SUN API jars as dependencies. The only reason why you
may want to mark them as having the provided scope is for your nlog4j
build process. Meaning if you must compile these classes which depend
on SUN API's then these jars must be present. That is if you used m2 but
you don't.
So in conclusion the approach does not really matter. You can remove
the deps or include them and mark them with the provided scope. Now I
don't know if there is some benefit for publishing the fact that you
have classes depending on these SUN artifacts by including them in your
pom. You might want to get some recommendations from the maven peeps on
this. They certainly have more vision than I do.
HTH,
Alex
P.S. If/when you change your pom though, make sure you bump your
revision number to say 1.2.24 because people will have already pulled
down your old non-snapshot pom: you'll want to leave your old pom there
as is.
At 05:11 PM 3/13/2006, Alex Karasulu wrote:
Ceki,
My comments are inline...
Gülcü wrote:
At 08:58 AM 3/11/2006, Alex Karasulu wrote:
Just kidding but we need to talk to Ceki about this and see if he
can change his pom. At this point we cannot upgrade to the 1.0
slf4j compatible nlog4j. It adds things like the jmx jar,
activation, mail, and I think I even saw Maven download my mother
in law.
This happened once before and Ceki reverted. I don't think he'd
stick with this so we just need to talk to him. Perhaps he's
unaware of it creeping in again.
No, I am not aware of jmx, activation, mail... jar files creeping in
as requirements downstream. Those files are required for compiling
NLOG4J (as well as log4j) but compiling log4j/nlog4j should not be
an ADS concern. NLOG4J SVN repository [1] indicates that the
NLOG4J's POM file has not changed since 28th of August 2005. You
also mentioned that ADS was currently using 1.2.19 which was
released around December 2005. Given that NLOG4J's POM file has not
changed between 1.2.19 and 1.2.23, there is nothing to revert, is
there?
[1]
http://svn.slf4j.org/viewcvs/nlog4j/trunk/src/pom/project.xml?rev=243&view=log
Hmmm that's very odd. Something had to change. Looks like this is a
Maven 1 pom. So someone put together the Maven 2 pom for you at
ibiblio without considering the scope of the dependencies. In maven
2 you can control dependency scope. Meaning you can make things
dependent for test, or just compile stages of the lifecycle. Namely
here these dependencies should be of the provided scope I think: if
they are used then the jars are provided. Brett Porter would know
best but I hate to bug the guy :).
Forgive the crazy email ... its late...
Alex
P.S. Ceki help us to get to 1.2.23 please!
I am not very Maven savvy but other than that I'll do my best.
First question, are you trying to build NLOG4J with Maven? If not,
is it possible to tell Maven not to drag in NLOG4J dependencies?
Yeah there is with Maven 2 and apparent this is what has been
misconfigured by who ever put deployed the nlog4j jar. The
dependencies for sun jars should always be provided I "think" to
prevent their transitivity. Incidentally our build uses maven 2.
Alex
