I would like to kindly reminder that it is vote thread On Tue, 30 Sept 2025 at 15:51, Romain Manni-Bucau <[email protected]> wrote:
> This is wrong Elliotte, your fix breaks others - see the example I gave, > basically any time an user doesn't use the RI - which is common - your fix > is wrong. > > > It is far more important to make sure that all emitted warnings are > accurate and actionable than to make sure we warn about everything > that might be a minor problem with some very low probability. > > This is right and the reason your PR doesn't work. A compromise if you do > not want to implement a complete fix is to add a bucket "uncertain" in the > output and let the user configure exclusions but like this, this doesn't > look mergeable to me without a real rework if you want to keep the mojo > valuable. > > Le mar. 30 sept. 2025 à 13:23, Elliotte Rusty Harold <[email protected]> > a > écrit : > > > On Mon, Sep 29, 2025 at 7:09 PM Romain Manni-Bucau > > <[email protected]> wrote: > > > > > > > > I'm mixed cause this stays a challenge cause you do not handle most of > > the > > > gav still. > > > > I'm not sure what your point is. Most artifacts won't and shouldn't be > > touched by this approach. Of those that are, more can be added once we > > stop bikeshedding on exactly how to do this, roll up our sleeves, and > > get to work. If this PR had been approved when first submitted, we'd > > be pretty close to done by now. We started with something like 100 > > problems. I fixed one so we're down to ~99. Merge this and we're at > > 98. Every one we fix is an improvement, whether we fix the others or > > not. Delaying isn't helping. > > > > > > > I'm also mixed about it cause it also creates bugs. > > > Take you jsonp example, add johnzon as impl....and your exclusion > should > > > trigger the current bug cause the impl used is no more glassfish one > > > (hardcoded one) but johnzon thanks the SPI overriding. > > > > Bugs are not created equal. Almost every warning for this dependency > > is a false positive that wastes developers' time and attention and > > teaches them to ignore or turn off dependency analysis. Hypothetically > > there might somewhere be a true positive, but even if we convert that > > one true positive into a false negative, it's not a big deal. Someone > > has one extra unused dependency. The code still works. > > > > It is far more important to make sure that all emitted warnings are > > accurate and actionable than to make sure we warn about everything > > that might be a minor problem with some very low probability. > > > > -- > > Elliotte Rusty Harold > > [email protected] > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > -- Sławomir Jaranowski
