calvinhkf opened a new issue #6450: Library version inconsistency notice. URL: https://github.com/apache/pulsar/issues/6450 Hi. I have implemented a tool to detect library version inconsistencies. Your project have 17 inconsistent libraries and 16 false consistent libraries. Take org.eclipse.jetty:jetty-util for example, this library is declared as version 9.4.20.v20190813 in pulsar-common, 9.3.24.v20180605 in tiered-storage/file-system and etc... Such version inconsistencies may cause unnecessary maintenance effort in the long run. For example, if two modules become inter-dependent, library version conflict may happen. It has already become a common issue and hinders development progress. Thus a version harmonization is necessary. Provided we applied a version harmonization, I calculated the cost it may have to harmonize to all upper versions including an up-to-date one. The cost refers to POM config changes and API invocation changes. Take org.eclipse.jetty:jetty-util for example, if we harmonize all the library versions into 9.4.26.v20200117. The concern is, how much should the project code adapt to the newer library version. We list an effort table to quantify the harmonization cost. The effort table is listed below. It shows the overall harmonization effort by modules. The columns represents the number of library APIs and API calls(NA,NAC), deleted APIs and API calls(NDA,NDAC) as well as modified API and API calls(NMA,NMAC). Modified APIs refers to those APIs whose call graph is not the same as previous version. Take the first row for example, if upgrading the library into version 9.4.26.v20200117. Given that 5 APIs is used in module pulsar-common, 5 of them is deleted in a recommended version(which will throw a NoMethodFoundError unless re-compiling the project), 0 of them is regarded as modified which could break the former API contract. |Index|Module|NA(NAC)|NDA(NDAC)|NMA(NMAC)| |-|-|-|-|-| |1|pulsar-common|5(5)|5(5)|0(0)| |2|tiered-storage/file-system|0(0)|0(0)|0(0)| Also we provided another table to show the potential files that may be affected due to library API change, which could help to spot the concerned API usage and rerun the test cases. The table is listed below. |Module|File|Type|API| |-|-|-|-| |pulsar-common|pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java|delete|org.eclipse.jetty.util.ssl.SslContextFactory.setTrustAll(boolean)| |pulsar-common|pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java|delete|org.eclipse.jetty.util.ssl.SslContextFactory.setWantClientAuth(boolean)| |pulsar-common|pulsar-common/src/main/java/org/apache/pulsar/common/util/SecurityUtility.java|delete|org.eclipse.jetty.util.ssl.SslContextFactory.setNeedClientAuth(boolean)| |4|..|..|..| As for false consistency, take org.apache.pulsar pulsar-common jar for example. The library is declared in version 2.6.0-SNAPSHOT in all modules. However they are declared differently. As components are developed in parallel, if one single library version is updated, which could become inconsistent as mentioned above, may cause above-mentioned inconsistency issues If you are interested, you can have a more complete and detailed report in the attached PDF file. [apache incubator-pulsar.pdf](https://github.com/apache/pulsar/files/4271749/apache.incubator-pulsar.pdf)
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
