On Mon, Jun 8, 2015 at 11:16 AM, Jochen Theodorou <blackd...@gmx.org> wrote: > > Without looking to the source code, I'm pretty sure it could be replaced by >> the right flags of the maven-javadoc-plugin... >> > > can it be used outside maven? Becuase we are talking about a gradle build. >
Ah, right, it's a Gradle-based build... not Maven, sorry. As I said, I did not even look to the build nor the code. I do not know the details that the JavadocFixTool.java actually fixes. But the Gradle DSL looks to support some custom options when calling the javadoc binary: https://docs.gradle.org/current/dsl/org.gradle.api.tasks.javadoc.Javadoc.html#org.gradle.api.tasks.javadoc.Javadoc:options So maybe that would be a workaround to avoid the custom code... Another option, since looks the GPL code is there to fix CVE-2013-1571, could be to limit the build to non-affected versions (CVE-2013-1571 only affects Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier). I have no idea how you could do that in Gradle, but I'm pretty sure the DSL has enough expressiveness to support something like that, for instance http://mrhaki.blogspot.co.at/2010/11/gradle-goodness-set-java-version.html The goal is to not distribute, i.e., to not depend, on that code for a clean build. How is another story... for it looks you're plenty of options. Hope that helps. Cheers, -- Sergio Fernández Partner Technology Manager Redlink GmbH m: +43 6602747925 e: sergio.fernan...@redlink.co w: http://redlink.co
