directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Karasulu <>
Subject Re: [Attentione] Reverted nlog4j 1.2.19 => 1.2.23 upgrade
Date Mon, 13 Mar 2006 18:24:39 GMT
Ceki Gülcü wrote:
> Alex,
> To begin, I am sorry about the hassle this upgrade is causing. Looking 
> at the Maven repository at ibiblio, it seems that they (ibiblio) are 
> publishing the pom files without modification [1].
> Here are some details about the process for building the jar file for 
> ibiblio:
> - NLOG4J does not use Maven itself,
> - The jar file used for the Maven (Ibiblio) upload requests gets 
> assembled by an Ant build file [2].
> - It uses the pom file defined in [3].
> [1]
> [2]
> [3]
> At this stage I am tempted to simply delete the dependency tags in 
> NLOG4J's pom file. I could also add a <scope>provided</scope> element 
> in each appropriate dependency. Which alternative do you think is better?
Hmmm going on a couple days of no sleep here so I might be babbling.
Take my comments with a grain of salt.

If you exclude these dependencies then m2 should not require them to be
present for nlog4j dependent projects: this is the simplest case.  WRT
nlog4j dependent projects the net effect is pretty much the same as
marking these dependencies as provided: nlog4j dependent projects would
not include these SUN API jars as dependencies.  The only reason why you
may want to mark them as having the provided scope is for your nlog4j
build process.  Meaning if you must compile these classes which depend
on SUN API's then these jars must be present. That is if you used m2 but
you don't.

So in conclusion the approach does not really matter.  You can remove
the deps or include them and mark them with the provided scope.  Now I
don't know if there is some benefit for publishing the fact that you
have classes depending on these SUN artifacts by including them in your
pom.  You might want to get some recommendations from the maven peeps on
this.  They certainly have more vision than I do.


P.S. If/when you change your pom though, make sure you bump your
revision number to say 1.2.24 because people will have already pulled
down your old non-snapshot pom: you'll want to leave your old pom there
as is.
> At 05:11 PM 3/13/2006, Alex Karasulu wrote:
>> Ceki,
>> My comments are inline...
>> Gülcü wrote:
>>> At 08:58 AM 3/11/2006, Alex Karasulu wrote:
>>>> Just kidding but we need to talk to Ceki about this and see if he 
>>>> can change his pom.  At this point we cannot upgrade to the 1.0 
>>>> slf4j compatible nlog4j.  It adds things like the jmx jar, 
>>>> activation, mail, and I think I even saw Maven download my mother 
>>>> in law.
>>>> This happened once before and Ceki reverted.  I don't think he'd 
>>>> stick with this so we just need to talk to him.  Perhaps he's 
>>>> unaware of it creeping in again.
>>> No, I am not aware of jmx, activation, mail... jar files creeping in 
>>> as requirements downstream. Those files are required for compiling 
>>> NLOG4J (as well as log4j) but compiling log4j/nlog4j should not be 
>>> an ADS concern. NLOG4J SVN repository [1] indicates that the 
>>> NLOG4J's POM file has not changed since 28th of August 2005. You 
>>> also mentioned that ADS was currently using 1.2.19 which was 
>>> released around December 2005. Given that NLOG4J's POM file has not 
>>> changed between 1.2.19 and 1.2.23, there is nothing to revert, is 
>>> there?
>>> [1] 

>> Hmmm that's very odd.  Something had to change.  Looks like this is a 
>> Maven 1 pom.  So someone put together the Maven 2 pom for you at 
>> ibiblio without considering the scope of the dependencies.  In maven 
>> 2 you can control dependency scope.  Meaning you can make things 
>> dependent for test, or just compile stages of the lifecycle.  Namely 
>> here these dependencies should be of the provided scope I think: if 
>> they are used then the jars are provided.  Brett Porter would know 
>> best but I hate to bug the guy :).
>>>> Forgive the crazy email ... its late...
>>>> Alex
>>>> P.S. Ceki help us to get to 1.2.23 please!
>>> I am not very Maven savvy but other than that I'll do my best.
>>> First question, are you trying to build NLOG4J with Maven? If not, 
>>> is it possible to tell Maven not to drag in NLOG4J dependencies?
>> Yeah there is with Maven 2 and apparent this is what has been 
>> misconfigured by who ever put deployed the nlog4j jar.  The 
>> dependencies for sun jars should always be provided I "think" to 
>> prevent their transitivity.  Incidentally our build uses maven 2.
>> Alex

View raw message