Bug 1006607 - jboss-integration platform BOM: Minimize exclusions to only those that fix (unanimously agreed) bugs in the dependency's pom
jboss-integration platform BOM: Minimize exclusions to only those that fix (u...
Status: CLOSED NOTABUG
Product: JBoss BRMS Platform 6
Classification: JBoss
Component: Build and Assembly (Show other bugs)
6.0.0
Unspecified Unspecified
low Severity unspecified
: ER5
: 6.0.0
Assigned To: Geoffrey De Smet
Lukáš Petrovický
:
Depends On:
Blocks: 1017745 1019906
  Show dependency treegraph
 
Reported: 2013-09-10 17:47 EDT by Nick Cross
Modified: 2013-12-04 04:18 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-12-04 04:18:54 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nick Cross 2013-09-10 17:47:42 EDT
Currently the community integration bom has dependencies in the dependencyManagment that include exclusions. The recommendation from EAP is not to have exclusions in a BOM.
Comment 2 Geoffrey De Smet 2013-09-11 05:35:23 EDT
Problem by not doing the exclusions is that we have to overwrite the dependencies in order to do them. That's a DRY violation.

There are 2 types of exclusions:
1) Exclusions to avoid duplicate dependencies in the classpath. For example because of an artifact that changed its groupId. For example: A depends on "org.javassist:javassist" and B depends on "javassist:javassist". The common solution is to exclude the "javassist:javassist" problem.
2) Exclusions for plain bugs in the pom metadata. For example an unneeded non-test scope dependency on junit, cobertura or mockito. Or for example, a non-test scope dependency on slf4j-log4j12 (because reusable jars should not force the logging implementation, they should only depend on slf4j-api).

Not sure how we want to resolve this, but we 'll need to make a decision.

Note: SY and KIE haven't agreed on the exclusions yet.
Comment 5 Geoffrey De Smet 2013-10-14 06:49:26 EDT
@Edson sure
Comment 6 Geoffrey De Smet 2013-10-14 06:59:07 EDT
Conclusion after discussion with Horia (Modeshape):

1) Exclusions in a bom or parent pom, cannot be overwritten by child poms (they can only be manually re-added which is a big pain).
Therefore, if anyone (*) disagrees on any exclusion, it's removed. So we need to be unanimous (silence == agreeing). 

2) Some dependency's poms have outright bugs. Exclusions to fix these bugs make perfect sense. Therefore, we keep those exclusions.
But again, if anyone (*) disagrees that it's not a bug (that the exclusion is invalid in some cases) the exclusion is removed.

(*) anyone from projects that actually use that dependency
Comment 7 Ryan Zhang 2013-12-04 04:18:54 EST
Nick and I both think we already have agreement on the process how to handle this case.

Close this issue now.

Note You need to log in before you can comment on or make changes to this bug.