[
https://issues.apache.org/jira/browse/LUCENE-9897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17339507#comment-17339507
]
Dawid Weiss commented on LUCENE-9897:
-------------------------------------
Hi [~gworah]. I've taken another look, trying to exclude all the configurations
we're not interested in. It sort of works but the generated file still contains
tons of extra stuff (from plugin configurations, buildSrc, etc.)... it also
never removes signatures from the generated file (so you need to regenerate
from scratch).
I'm not sure I like the all-or-nothing approach taken by gradle architects
here. Perhaps it's serving different needs. Thank you for running this
experiment, it is much appreciated, but I think we should stick to the custom
code for now - maybe it's more complicated on the surface but at least we have
full control over what's happening and how.
> Use gradle's built-in artifact checksum verification
> ----------------------------------------------------
>
> Key: LUCENE-9897
> URL: https://issues.apache.org/jira/browse/LUCENE-9897
> Project: Lucene - Core
> Issue Type: Task
> Reporter: Dawid Weiss
> Priority: Minor
> Attachments: LUCENE-9897.patch
>
> Time Spent: 3.5h
> Remaining Estimate: 0h
>
> This is not something I'll be working on but just for reference -
> https://docs.gradle.org/current/userguide/dependency_verification.html
> this could replace the manual code we currently use to validate dependency
> JARs. I know nothing about how gradle's system works (or if it's going to
> clash with palantir's version resolution, for example).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
