On Thu, 29 Sept 2022 at 13:21, Xeno Amess <xenoam...@gmail.com> wrote:
> even better if we have a BOM for whole apache commons. > A BOM specifies what versions are expected to work together. All commons components are low level and have few dependencies. Ideally a BOM is not required as we try to ensure binary and functional compatibility, bugs fixes excluded, between releases. So all versions of commons components should work together. This changes when one component imports another using a specific version number to obtain a specific class/method implementation. Perhaps the best we could do is have a BOM with all the latest versions. Each time a release is made then the BOM must be rereleased with updated versions. This would require a project to deploy a BOM that imports all the commons components as dependencies and tracks the latest versions. It would ensure versions are up-to-date but would do nothing to ensure they are compatible. To verify it would require (a lot of) integration testing. In the case of a multi-module component this process is simplified. All modules are built using the same Java target version. All versions are released using the same version number. All versions are tested to work together by the current test suite. The BOM becomes a simple list of what versions to use together for the release of all the modules. I am not against a Commons BOM. But it requires more work than I am willing to do. I think it would require: - Creating a pom that imports all top-level components - Viewing the current dependency tree (e.g. 'mvn dependency:tree') - Looking for transitive dependencies that are not the latest versions - Updating the pom to explicitly resolve transitive dependencies (but which version do we wish to guarantee works with the rest of the items in the BOM) Here the JBoss plugin to create a BOM may help to collate dependencies. But it would do nothing to guarantee they all work together. This process becomes more complicated when non-commons components are in the tree. I would not wish to maintain a BOM which has non-commons components that are not exercised directly in our tests. Alex
