uschindler commented on PR #12016: URL: https://github.com/apache/lucene/pull/12016#issuecomment-1351368145
> > Can we specify our dependencies in a different way (e.g. exact version) in our maven stuff so this won't happen? e.g. you can do this in python, and specify that you depend on antlr == x.y.z rather than just depend on antlr. > > You can - I think what Uwe is describing is a problem for downstream projects where Lucene has antlr x.y.z and some other dependency has antlr a.b.c - then namespaces clash and the conflict is not easily resolved. Classloader separation is possible, of course, but it's hardly an easy alternative. :) > > I personally don't mind shading artifacts but I do agree they are a pain... even tracking down which version a project is actually using is a problem then (because shaded artifacts don't manifest their versions as clearly as a maven dependency). Corporate environments will hate them for legal reasons (for reasons Rob mentioned). Hi, as said before this was just a suggestion from my experience with forbiddenapis with some artifacts like "ASM" and "ANTLR". They are always a pain. From the secruity perspective there are problems, but you can also see it like "code copied" - we can of course also do this, but that's a lot more hassle. What you can always do: Offser a shaded version without those 2 dependencies as a seĆ¼parate artifact. Often seen on maven as "uber" or "shaded" behind version number. If you want to use shaded version, you know consequences. Setting exact version in Maven POMs is not possible, unfortunately. Maven has some tricks (it wont silently upgrade across major versions, but bugfix releases are automatically applied). I don't know exacty how this is handles by Maven resolver. My idea would be: publish "lucene-expressions-shaded.x.y.z" in addition. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org
