[
https://issues.apache.org/jira/browse/OFBIZ-5464?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13899040#comment-13899040
]
Pierre Smits commented on OFBIZ-5464:
-------------------------------------
Is Maven truly an option? I believe not, as we don't publishing artifacts as a
output of this project. We only consume and reuse.
Re #1: vulnerabilities
What vulnerabilities besides the obvious when using 3rd party components? In a
proper setup of the CI these will be found and addressed, right? Isn't it so
that only those components are included in nightly and other releases when
there is confidence that they don't break functionality...
Using IVY for dependence management doesn't change that mind set.
Re #2 sharing the experience
That is the intent. Otherwise I wouldn't have raised the issue.
> Extend Ivy usage for easier external lib management
> ---------------------------------------------------
>
> Key: OFBIZ-5464
> URL: https://issues.apache.org/jira/browse/OFBIZ-5464
> Project: OFBiz
> Issue Type: Improvement
> Components: ALL COMPONENTS, framework
> Affects Versions: SVN trunk
> Reporter: Pierre Smits
> Attachments: jarfiles.txt
>
>
> Currently Apache Ivy is used to facilitate downloads of specific external jar
> files for Activemq, mySQL, postgreSQL configuration and Sonar and Cobertura
> functions.
> However, Apache Ivy can also be for easier management of the standard jars
> OFBiz is dependent on, in
> - various framework areas
> - various base and special purpose applications/components.
> Applying more ivy functionality will decrease the load on commiters regarding
> maintenance of (and upgrading) external jars used and required licence
> information.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
