[jira] [Created] (CASSANDRA-17750) Remove dependency on Maven Ant Tasks

Abe Ratnofsky (Jira) Tue, 12 Jul 2022 14:20:06 -0700

Abe Ratnofsky created CASSANDRA-17750:
-----------------------------------------


             Summary: Remove dependency on Maven Ant Tasks
                 Key: CASSANDRA-17750
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17750
             Project: Cassandra
          Issue Type: Improvement
          Components: Build, Dependencies, Packaging
            Reporter: Abe Ratnofsky
            Assignee: Abe Ratnofsky


Apache Cassandra depends on Maven Ant Tasks (MAT) during build, for declaring 
dependencies and generating POM files from within build.xml. MAT has long been 
retired (no commits since maintenance in 2015), has registered CVEs in 
dependencies (CVE-2017-1000487), and encourages migration to its successor, 
Maven Artifact Resolver Ant Tasks (MARAT).

As part of CASSANDRA-16391 
<https://issues.apache.org/jira/browse/CASSANDRA-16391>, mck migrated 
dependency resolution to MARAT, but MAT is still included in our build for 
generating POMs since MARAT does not have an alternative to the writepom task 
provided by MAT. I have a patch ready that removes MAT completely, with a 
workaround for POM generation.

I am not advocating for any kind of migration away from Ant to an alternative 
like Gradle or Maven, just to be extra clear.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (CASSANDRA-17750) Remove dependency on Maven Ant Tasks

Reply via email to