struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stanl...@gmail.com
Subject Re: Essential Dependencies Only
Date Tue, 15 Dec 2009 17:58:17 GMT
Thanks Wes --

Have you or others discovered any software that could be used to "decompose"
an open source product into its constituent parts and then further decompose
each of those in turn.  Looking at a single POM rarely answers the "real"
questions.  The dependency/version graph is wicked to deal with by hand and
the licenses therein complicate matters even further.  I struggle when
thinking how many shops are each doing this over-and-over with each new
version release and it seems like a missing piece of the FOSS/legal puzzle.

Peace,
Scott


On Mon, Dec 14, 2009 at 10:44 AM, Wes Wannemacher <wesw@wantii.com> wrote:

> Scott, take a look at the mailreader and blank apps. You can also read
> through the struts2-core pom (annotated and easier to read here -
>
> http://jarvana.com/jarvana/inspect-pom/org/apache/struts/struts2-core/2.1.8/struts2-core-2.1.8.pom
> ,
> that points to 2.1.8, they haven't indexed 2.1.8.1 yet, but there is
> no differences in dependencies).
>
> If you just want to cut to the chase, the "essentials" would be -
>
> struts2-core 2.1.8.1
> xwork-core 2.1.6
> freemarker 2.3.15
> ognl 2.7.3
>
> -Wes
>
> On Mon, Dec 14, 2009 at 10:36 AM, stanlick <stanlick@gmail.com> wrote:
> >
> > Greetings and Happy Holidays --
> >
> > I am sitting down to unwind the Essential Dependencies Only jar
> > (struts-2.1.8.1-lib.zip) in preparation for the litany of questions the
> > lawyers are going to ask before accepting the Struts 2.1.8.1 upgrade in
> > house.  Now either I have a different understanding of the word
> essential,
> > or this version of our new Struts has really spread her arms.  There are
> > seventy-one jars in the lib folder of the *essential dependencies only
> jar*
> > and a quick glance suggests they are *not* all essential.  So does
> essential
> > != core or required?  Is there a resource where an analysis can be made
> to
> > determine compile, testing, run-time dependencies?  Untangling this ball
> of
> > yarn by hand is going to burn up hours and lead an analyst down many
> rabbit
> > holes.  Is there a POM that could save the man hours?
> >
> > Peace,
> > Scott
> > --
> > View this message in context:
> http://old.nabble.com/Essential-Dependencies-Only-tp26779724p26779724.html
> > Sent from the Struts - User mailing list archive at Nabble.com.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> > For additional commands, e-mail: user-help@struts.apache.org
> >
> >
>
>
>
> --
> Wes Wannemacher
>
> Head Engineer, WanTii, Inc.
> Need Training? Struts, Spring, Maven, Tomcat...
> Ask me for a quote!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message