Spent a little too much time writing another script to post process my list of deps and get a simpler de-duped list.. :)
http://gist.github.com/316361 To use, stick all of your constants containing specs into a file (with nothing else) and then feed the file to the script. On Fri, Feb 26, 2010 at 6:43 PM, Alex Boisvert <alex.boisv...@gmail.com> wrote: > That's the way, uh-huh uh-huh, I like it, uh-huh, uh-huh. > That's the way... > > > On Fri, Feb 26, 2010 at 11:51 AM, Chetan Sarva <csa...@gmail.com> wrote: > >> Love the whitelist idea. I just wrote a simple task which takes care >> of my needs at least -- >> >> $ buildr whitelist[org.springframework:spring-web:jar:3.0.1.RELEASE] >> (in /Users/chetan/play/buildr_whitelist, development) >> >> listing all transitive specs for: >> org.springframework:spring-web:jar:3.0.1.RELEASE >> >> SPRING_WEB = [ >> "activation:activation:jar:1.0.2", >> "aopalliance:aopalliance:jar:1.0", >> "commons-logging:commons-logging:jar:1.1.1", >> "javax.portlet:portlet-api:jar:2.0", >> "javax.servlet.jsp:jsp-api:jar:2.1", >> "javax.servlet:servlet-api:jar:2.5", >> "javax.xml.soap:saaj-api:jar:1.3", >> "org.springframework:spring-aop:jar:3.0.1.RELEASE", >> "org.springframework:spring-asm:jar:3.0.1.RELEASE", >> "org.springframework:spring-beans:jar:3.0.1.RELEASE", >> "org.springframework:spring-context:jar:3.0.1.RELEASE", >> "org.springframework:spring-core:jar:3.0.1.RELEASE", >> "org.springframework:spring-expression:jar:3.0.1.RELEASE", >> "org.springframework:spring-web:jar:3.0.1.RELEASE" >> ] >> >> >> Completed in 0.711s >> >> you can grab it here -- >> >> >> http://github.com/chetan/misc/blob/master/scripts/buildr_tasks/whitelist.rake >> >> Hopefully others will find it useful. >> >> chetan >> >> On Wed, Feb 24, 2010 at 12:52 PM, Alex Boisvert <alex.boisv...@gmail.com> >> wrote: >> > On Wed, Feb 24, 2010 at 8:47 AM, Will Rogers <wjrog...@gmail.com> wrote: >> > >> >> On Sat, Jan 23, 2010 at 12:25 PM, Alex Boisvert < >> alex.boisv...@gmail.com> >> >> wrote: >> >> > solid. Whitelisting dependencies has worked very well for many of us >> on >> >> big >> >> > projects and is probably an under-appreciated feature. >> >> >> >> What does "whitelisting dependencies" mean? >> >> >> > >> > Whilelisting dependencies means explicitly specifying all dependencies in >> > your project. No guessing game, all dependencies you use and package are >> in >> > plain sight. >> > >> > Compare this to a system where you generate a list of dependencies >> through a >> > transitive closure (e.g. specifying a dependency on Tomcat automatically >> > gets you Servlet API, Apache Commons logging, and probably 10+ other >> > dependencies). In such a system, you have to "blacklist" dependencies >> you >> > want to exclude, say, you don't use JSP pages so you don't need Jasper >> > (which is a JSP engine integrated with Tomcat). >> > >> > Transitive dependencies are typically great to get you started quickly >> but >> > often come back to haunt you because the automatically-generated list may >> > contain surprises. For example, if you have multiple transitive roots >> (e.g. >> > Tomcat and Axis2), then you may have conflicts and/or duplicate >> dependencies >> > that may not be detected. In an ideal world, these kinds of things >> don't >> > happen but ... in reality they happen and either catch you at the least >> > opportune moment or turn into long debugging sessions about why this or >> that >> > isn't working as expected. >> > >> > I think we're leaning towards support for transitive dependencies that >> would >> > essentially have a manual, separate phase for resolving dependencies and >> > then save/freeze the list so it's not regenerated automatically based on >> > changing conditions. Thus making the result easily >> > editable/reviewable/auditable when needed. >> > >> > alex >> > >> >