[
https://issues.apache.org/jira/browse/CASSANDRA-18877?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17769174#comment-17769174
]
Michael Semb Wever commented on CASSANDRA-18877:
------------------------------------------------
bq. yet people can just commit the sources not meant for the production code
and we ship it.
We can commit anything and break anything. It's unclear to me the intention or
purpose of this sentence 🤷🏻‍♀️
build/lib/jars/ will also contain "provided" and build-only scope jar files,
which are important not to include in lib/.
If we want to enforce/QA such jars are not accidentally making it into lib/ I
suggest other ways to do that. And to begin with that we document each
explaining its purpose and intent wherever it is not obvious.
> remove bytebuddy / byteman from production classpath and remove compress-lzf
> dependency from build deps
> -------------------------------------------------------------------------------------------------------
>
> Key: CASSANDRA-18877
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18877
> Project: Cassandra
> Issue Type: Task
> Components: Build
> Reporter: Stefan Miklosovic
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 4.0.x, 4.1.x, 5.x
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> I was digging in the project deps and if you compare all libs in "libs" dir
> and all libs in "build/lib/jars", there are indeed some differences which are
> OK however in build/lib/jars there are also libraries for byteman and
> byte-buddy. This is clearly wrong as these dependencies should not be
> accessible from the production code, only from tests.
> The reason they are accessible in prod code is that there is the class
> TestRateLimiter (1). I do not have a clue why that class is in the prod code
> in the first place. The only place it is referenced in is here (2) but that
> byteman script is not loaded anywhere in tests. I was also checking Python
> dtests.
> I think this is some leftover or something like "I will keep it here when I
> need it", but as nobody seems to do, I strongly advocate for removing it and
> making bytebuddy and byteman only test scoped dependencies as it should be.
> A reader who pays attention notices that these dependencies are of provided
> scope which is a trick to have it compilable but not among the libraries in
> the production runtime and it does not do any harm as it is never invoked
> from the production code (if it was, it would fail on missing imports)
> nevertheless this is still an issue which should be addressed. We were doing
> something similar with assertj dependency recently.
> The second issue is that there is a dependency on compress-lzf in build
> dependencies. This is not necessary either as that library was removed from
> the repository in (3) but it still somehow leaked to the build process again.
> (1)
> https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/utils/TestRateLimiter.java
> (2)
> https://github.com/apache/cassandra/blob/trunk/test/resources/byteman/mutation_limiter.btm
> (3)
> https://github.com/apache/cassandra/commit/fc92db2b9b56c143516026ba29cecdec37e286bb
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
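
One way to enforce and document the build-only jars as the comment above suggests, written as an added example (not code from the Cassandra project or from either participant). The manifest format, the purpose labels, the function names and the demo jar names and versions are assumptions of this example; only the byteman, byte-buddy, assertj and compress-lzf artifact names and the lib/ and build/lib/jars/ directories come from the thread.

```shell
#!/bin/sh
# Added example. Manifest of build-only artifacts, one "<prefix> <purpose>" per
# line; prefixes come from the thread, purposes are constructed labels.
BUILD_ONLY='byteman test-only fault injection
byte-buddy test-only instrumentation
assertj test-only assertions'

# Print the documented purpose if jar $1 is a build-only artifact.
build_only_purpose() {
    name=$(basename "$1")
    printf '%s\n' "$BUILD_ONLY" | while read -r prefix purpose; do
        case "$name" in
            "$prefix"-*) printf '%s\n' "$purpose"; break ;;
        esac
    done
}

# check_jars LIB_DIR BUILD_JARS_DIR: return 1 if a build-only jar sits in
# LIB_DIR, or a jar exists only in BUILD_JARS_DIR with no documented purpose.
check_jars() {
    lib=$1; build=$2; rc=0
    for jar in "$lib"/*.jar; do
        [ -e "$jar" ] || continue
        purpose=$(build_only_purpose "$jar")
        if [ -n "$purpose" ]; then
            echo "FAIL: $(basename "$jar") shipped in lib/ ($purpose)"
            rc=1
        fi
    done
    for jar in "$build"/*.jar; do
        [ -e "$jar" ] || continue
        name=$(basename "$jar")
        [ -e "$lib/$name" ] && continue
        if [ -z "$(build_only_purpose "$jar")" ]; then
            echo "FAIL: $name is build-only but undocumented"
            rc=1
        fi
    done
    return $rc
}

# Constructed demo tree (file names and versions are made up).
demo=$(mktemp -d)
mkdir -p "$demo/lib" "$demo/build/lib/jars"
touch "$demo/lib/runtime-dep-1.0.jar" "$demo/build/lib/jars/runtime-dep-1.0.jar" \
      "$demo/build/lib/jars/byteman-1.0.jar" \
      "$demo/build/lib/jars/compress-lzf-1.0.jar"
check_jars "$demo/lib" "$demo/build/lib/jars" || echo "jar check failed"
```

In the demo tree the byteman jar passes because it is documented and absent from lib/, while the compress-lzf jar is flagged as an undocumented build-only dependency.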