+1 We need to provide ways for people to plugin things like this instead of adding deps to Roller.
- Dave On Tue, Aug 6, 2013 at 12:08 PM, Glen Mazza <[email protected]> wrote: > Hi Team, I was looking at simplifying the number of external repositories > that Roller relies on, with the hopes that everything it needs it can find > from Maven Central, speeding up initial downloads and builds in the > process. (I think it's also a good selling point for Roller that it can be > built purely with the vanilla deps from Central.) And we've gone from 5 to > 2 repos in our app/pom.xml: just Central and Atlassian's, the latter > needed (https://developer.atlassian.**com/display/CROWDDEV/Maven+2+** > Integration<https://developer.atlassian.com/display/CROWDDEV/Maven+2+Integration>) > only for the Atlassian Crowd SSO dependencies added in February 2012 based > on a donation from Nick Padilla (https://issues.apache.org/** > jira/browse/ROL-1933 <https://issues.apache.org/jira/browse/ROL-1933>). > > I'd like to remove Crowd support from Roller--I have no problem with > accepting patches that facilitate linkage with external SSO solutions, > including commercial ones like Crowd (https://www.atlassian.com/** > software/crowd/overview<https://www.atlassian.com/software/crowd/overview>), > but directly incorporating this solution into Roller is problematic, namely: > > 1.) According to the Crowd site, their JARs are not open source but > proprietary: https://www.atlassian.com/**licensing/purchase-licensing#** > source-2 <https://www.atlassian.com/licensing/purchase-licensing#source-2>and > the source code is not freely available. The Atlassian repo does not > supply the source code: https://maven.atlassian.com/** > content/repositories/**atlassian-public/com/**atlassian/crowd/crowd-** > integration-client-rest/2.4.0/<https://maven.atlassian.com/content/repositories/atlassian-public/com/atlassian/crowd/crowd-integration-client-rest/2.4.0/> > **. So I don't think we can incorporate their JARs (no more than we could > those of WebLogic or WebSphere) into Roller distributions. Even LGPL is out > of the question with Apache, proprietary JARs without source can't be much > better. > > 2.) I don't see how we can maintain this dependency. It's using 2.4.0 and > 18 months later Crowd is up to 2.6.4, and about to ship 2.7.0. Nobody here > has the time or inclination to study up on Atlassian proprietary products > to keep the code up-to-date (let alone register for Crowd access and accept > a bunch of legalese to test it), nor are we in a position to say that the > supplied code is safe and reliable to use. There are open source SSO > solutions -- Apache Syncope maybe -- that might be healthier for Roller to > provide built-in support in the future for. > > Nick's Crowd implementation consists of just two small classes in Roller, > I think he can just post those classes on GitHub, and add a reference to > them from the Apache Roller Wiki site about how to hack Roller to put those > classes & dependencies in for the small minority using Crowd. (I've > checked Nick's two websites, he doesn't appear to be using Roller today > anyway, however he may be for an internal solution, I don't know.) WDYT? > > Regards, > Glen > >
