Le sam. 2 nov. 2024 à 11:12, Niall Pemberton
<niall.pember...@gmail.com> a écrit :
>
> On Sat, 2 Nov 2024 at 09:28, sebb <seb...@gmail.com> wrote:
>
> > On Sat, 2 Nov 2024 at 09:11, Tushar Kapila <tgkp...@gmail.com> wrote:
> > >
> > > If you only want code that is used, you can use an obfuscator? Using
> > > dependencies is the way to go, IMHO. Keep concerns tight. Change in one
> > > place in case of bugs and vulnerabilities
> >
> > Again, that only applies where there is bunch of code to replace.
> > Code re-use has to be balanced against the extra resource and maintenance
> > costs.
> >
> > Remember that when a vulnerability is found in a component, all users
> > have to check whether their project is affected. And even if their
> > project does not use the vulnerable code, they will still have to
> > upgrade be prepared to deal with the inevitable follow-up.
> >
> > Dependencies have both advantages and disadvantages.
>
>
> +1
>
> Also, historically there used to be few “commons wide” rules with the
> people who worked on a component deciding how that was done. I haven’t
> checked, but I believe Emmanuel has been the main person working on
> Configuration for a long time and therefore he should have the biggest say
> in its development rather than imposing rules from those of us not involved.
As much as I agree with this "basic courtesy" behaviour, it has not always
been equally applied (as a "rule").
IIRC, every time a proposal about some (Commons-wide) rules was put
forward, it was ignored or derailed, often by ad-hoc[1] arguments, such as
"we don't impose (common) rules".
A different point is that, in recent years, some of the usual maintainer(s)
of some components have reduced their "visible" involvement (commits,
release vote). [Obviously, Gary's number of "commits" trumps everyone
else's.] Hence the "I was there first" argument is a bit fragile IMHO.
Until we agree on _how_ to reduce the perceived "disadvantages" (of
having _and_ of not having dependencies), we can only continue to
ignore the other's POV...
My question was and still is: Can modularization help?
Regards,
Gilles
[1] "Ad-hoc" because the accepted "source of advice" (in a loose sense)
varies from people to people and has varied from epoch to epoch.]
>>> [...]
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
For additional commands, e-mail: dev-h...@commons.apache.org
