Code which was already made shouldn’t be an issue unless it is full of bugs. We should be careful when trying to replace existing code with external libraries because there is rarely a guarantee that it will work exactly as the old code does.
Dependencies create problems when the dependent project decides to slightly change the behavior of X class (for some reason) then our project starts showing random bugs every 16 hours because of it. For example, we may have a Compare<> which violates the contract because (A) is not always greater than (B). This violation works fine in QuickSort but causes MergeSort to explode with Exceptions in very rare situations. A dependency could decide that MergeSort was better/faster and change without us knowing causing very random bugs to show up in production systems with our code. We have to fix bugs in our projects and support the code in the dependencies. Unless the dependent code is huge (like Bouncycastle), I think it rarely works out as a energy-time-saver. On Fri, Aug 17, 2018 at 3:48 AM, Lyor Goldstein <lgoldst...@apache.org> wrote: > >>> Of course, it's all about the size of what is copied. At some point, > it > would be better to go witha third party dependency instead of copying > its code. > > Valid observation - we will need to "weigh" the amount of copied code and > see how "heavy" it is. > > >>> On important aspect of adding external dpendencies is that it' binds > ou users, > unless they use OSGi. > > I am not clear as to what this concern actually raises. SSHD has at least > one mandatory dependency (*slf4j*) and at least 2 others that are very > likely to be used - *Bouncycastle* (the code can work quite smoothly even > without it, but many consider it very useful) and *EdDsa* (optional as far > as SSHD is concerned, but effectively *must *have for users who require > EDDSA keys support). So what does it matter if instead of 1, 2 or 3 > dependencies we have 5, 6, 7, or even 10 ? How does this require OSGi ? > Isn't Maven/Gradle dependency mechanism good enough ? >
