Github user revans2 commented on the issue:
https://github.com/apache/storm/pull/2698
@srdo I can add shaded-deps to the root pom, but it is going to potentially
mask a lot of build issues, and is going to make IDEs confused.
maven-3.2.6 and above added in a cache for dependencies in the pom.xml.
The shade plugin tries to modify those dependencies on the fly and the maven
cache wins.
https://issues.apache.org/jira/browse/MSHADE-206
What this means is that if shaded-deps is a part of the root pom.xml, all
of the code built by maven is going to have both the shaded and the non-shaded
version on the classpath when it compiles and when unit tests run, but only the
shaded version will be on the classpath in production.
Similarly for IDEs that don't understand the shading plugin they will get
confused and will likely not see the shaded dependencies so all the code I
changed will start to show up as errors, while anyone who uses it will write
code against the non-shaded deps, which because of MSHADE-206, will compile
under maven, but won't run in production.
In older releases we told everyone to use an older version of maven that is
not impacted by this, but that is getting harder and harder to do, especially
with recent security disclosures.
If you really want me to I can add it in under a profile that would be on
by default, but we could turn off when we do the check-in builds and when being
imported into an IDE.
---
