another POM issue breaking Struts 1.3.x compat

[loge]

Hi,

seems i am the POM error finder here ;-) If you use the jasper reports POM you are no more compatible with Struts 1.3.x applications because you request the most recent version of commons-digester. But with 2.0 of digester, Struts 1 doesnt work anymore. I dont know what this version expression means exactly because i ve never seen it so far, but at the end it looks as jasper requests the most recent digester version which is bad. See POM excerpt in code section.

 

Perhaps someone can explain what [1.7,) means.... this looks total weird and even if this expression is valid. Jasper shouldnt request 2.0 if it doesnt need it.

 

Feedback appreciated. To me it looks (together with the other POM issue i reported regarding missing deps in M2 repo) like if the POM could be maintained with a litle bit more "love" ;-) At least i am sure that you definitely want to run side-by-side with Struts1 because its install base is massive.

regards

Marc

 

Code

Post Edited by loge at 04/26/2009 23:11

[loge]

At least i found out what this expression means. Or better, now i am sure that it means what i thought it means:

 

Example: [1.0,) matches all versions greater or equal to 1.0

 

So jasper crew, would you be so kind and change the dependency of digester to <version>1.7</version> ?? And can you tell me why you use so much "newest" wildcards in the POM ? How can you know that new version of your deps wont break Jasper itself? Please keep in mind that 3rd party libs can change anytime and then Maven or ivy user like me could left behind with a broken Jasper version. Or do i miss something?

 

Thanks. Marc

 

BTW: This editor completely su**** on Firefox/Mac.

Post Edited by loge at 04/26/2009 23:38

[loge]

on second thought i am quite sure that you really should change ALL deps to fixed versions. And i am really curious how you can support customers this way.

 

Lets say a customer says "hey, support, i am using jasper reports 3.5.0 and i am getting this stack". Where do you know what dependency libraries this customer currently has? You simply cant know except you check all your deps in the M2 repository. And how do you manage QA within Jasper? I think you test your software with defined versions of 3rd party libs but at your customers it could be totally different because of your "newest" wildcards in the POM.

 

We also develop software products but this looks really crazy to me with regard to Quality Management. I am really looking forward to a statement on this. You simply cant do POM wildcards when you depend on libraries which you dont control. Its simple as that. Marc

Post Edited by loge at 04/27/2009 10:15

[lucianc]

We have changed all dependency version intervals to single versions.

Dependency version intervals seemed like a good idea in the beginning as it allowed some flexibility in the choice of dependency versions.  There are many projects where JasperReports is used along other libraries, and saying "JR only works with Commons Digester 1.7, so if you use another library that depends on Commons Digester 1.8 you should give up" doesn't sound good.

But we've learned that such Maven version intervals do not work in a reliable manner, so we've dropped using them.  The JR 3.5.1 pom will have single dependency versions.

Regards,

Lucian

[loge]

I can understand your intention but its flawed on second thought. If Framework-B wants to have Commons-Digester 2.0 and it also supplies a POM, then we definitely get Digester 2.0 but only because "B" really needs it. You have the same problem then but the difference is that 2.0 is explicitely requestet by "B" and not because it always wants the newest for no reason. So the chance is much lower that anything breaks if every projects expose their "minimum" requirements.

 

And BTW, as is said, you really cant know if Digester 2.1 doesnt break Jasper itself because i am quite sure that you dont know when and if the Digester guys change their public API right? :-) We all know that java really su**s when it comes to library management. Its kind of DLL hell only for Java, but normally you dont run into probems. Our product has about 60 megs of 3rd party libs. So i think we are one of the larger projects around and so far everything worked... except for the original Jasper POM.

Thanks for integrating my suggestion.

 

BTW: why does Quick-Reply forgets my newlines and paragraphs? Is this a Mac issue? I must edit my posts every time to make it readable...

Post Edited by loge at 05/05/2009 16:13

[lucianc]

Please post any feedback regarding the JF.org functionality on the Forge feedback forum.  Or, if it's a bug, on the trackers of the same project.

Regards,

Lucian