Vladimir Sitnikov created DRILL-8539:
----------------------------------------
Summary: Drop commons-lang3 dependency
Key: DRILL-8539
URL: https://issues.apache.org/jira/browse/DRILL-8539
Project: Apache Drill
Issue Type: Improvement
Reporter: Vladimir Sitnikov
Currently Drill uses only a few classes from commons-lang3, and it would
probably be worth dropping the dependency for the following reasons:
1) Better security. commons-* follows "all features in a single jar" pattern,
so a CVE in one of the classes would impact Drill
2) Fewer bytes to ship with binary distribution. `commons-lang3` is ~690K
I have raised a suggestion to make commons-lang3 modular and extract modules
like commons-stringutils, commons-arrayutils, however, Commons team does not
seem to like the idea.
Commons PMC members often suggest that users should clone the code or shade
commons-lang, see
https://lists.apache.org/thread/xzdhv57o9rnxtzn5fqbtkzj0hdkbm339
So I wonder what do you think of dropping commons-lang3 and replacing it with
core Java?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
