ppkarwasz commented on PR #4144: URL: https://github.com/apache/logging-log4j2/pull/4144#issuecomment-4690940962
What do you think about shading it in? I mean shading in the strict sense: relocating and pruning only the classes we actually use, via the shade plugin's [`minimizeJar`](https://maven.apache.org/plugins/maven-shade-plugin/shade-mojo.html#minimizeJar) option. Not the colloquial sense, where the plugin is used to build an uber-JAR that embeds whole dependency JARs, which is really a job for a nested-JAR classloader. `copernik-xml-factory` hardens five JAXP factories, but `log4j-core` only needs `DocumentBuilderFactory`. I can expose the `DocumentBuilderFactory` hardening as a single self-contained class so that `minimizeJar` prunes the rest: its dependency analysis (`jdependency`) works at class granularity, so as long as the DOM path does not reference the other four factories, their classes are dropped. We would end up with a couple of relocated `eu.copernik` classes inside `log4j-core` and no extra entry on the user's classpath, which addresses the dependency and fat-JAR concerns together. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
