On Tue, Jan 4, 2022 at 5:22 PM Basil Crow <m...@basilcrow.com> wrote:
> So should I look into the shading approach further? That basically takes us back to the unfortunate state we were in with Kohsuke’s series of shaded & repackaged ASM libraries, where we could not give a clear answer as to what we were actually bundling, and security scanners complained, etc. Not sure that is an improvement. accomplish the shading by making a dedicated module for the shaded JAR, but > I didn't quite follow the concept > Right, you sometimes get into trouble when you try to *use* the library from the same Maven module that Shades it. Better to create a separate module in the reactor which solely Shades the library, then depend on that module from Stapler core. https://github.com/jenkinsci/docker-traceability-plugin/pull/18 shows the idea. Another possibility is to write a minimal bytecode parser that just groks the symbol table, list of methods with their binary signatures, and method parameter metadata. -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr34WR7jQDSyiAwXW1LAtVkgMhoUMazU28LOuZ1i3jrsyA%40mail.gmail.com.
