Github user revans2 commented on the issue: https://github.com/apache/storm/pull/2698 @srdo I can add shaded-deps to the root pom, but it is going to potentially mask a lot of build issues, and is going to make IDEs confused. maven-3.2.6 and above added in a cache for dependencies in the pom.xml. The shade plugin tries to modify those dependencies on the fly and the maven cache wins. https://issues.apache.org/jira/browse/MSHADE-206 What this means is that if shaded-deps is a part of the root pom.xml, all of the code built by maven is going to have both the shaded and the non-shaded version on the classpath when it compiles and when unit tests run, but only the shaded version will be on the classpath in production. Similarly for IDEs that don't understand the shading plugin they will get confused and will likely not see the shaded dependencies so all the code I changed will start to show up as errors, while anyone who uses it will write code against the non-shaded deps, which because of MSHADE-206, will compile under maven, but won't run in production. In older releases we told everyone to use an older version of maven that is not impacted by this, but that is getting harder and harder to do, especially with recent security disclosures. If you really want me to I can add it in under a profile that would be on by default, but we could turn off when we do the check-in builds and when being imported into an IDE.
---