If I may put in my 2 cents - these libraries are declared as optional 
dependencies (see below)


        <!-- For ed25519 support -->
        <dependency>
            <groupId>net.i2p.crypto</groupId>
            <artifactId>eddsa</artifactId>
            <optional>true</optional>
        </dependency>

This also means that they are not packaged - just to make sure, I checked the 
assembly project ZIP/TAR.GZ products and they do not include the ed25519 
library (BTW, I think we should also declare the BouncyCastle and Tomcat 
libraries as optional as well since they are such).


Furthermore, there are clear instructions in the project's README file that users 
who wish to use them must add them explicitly


 Note: the required Maven module(s) are defined as optional so must be added as 
an explicit dependency in order to be included in the classpath

Lyor

________________________________
From: Emmanuel Lécharny <[email protected]>
Sent: Tuesday, May 30, 2017 6:52 PM
To: dev
Subject: Re: [VOTE] Release Apache Mina SSHD 1.5.0



On 30/05/2017 at 15:47, Guillaume Nodet wrote:
> Our source code depends on those 2 libraries, however they are optional,
> and we don't ship them in our assembly.

Optional in what sense? Seems they are used in compile scope, so my
guess is that they are part of the package. Can you check that?

Typically, how do you make them part of the package, or how do you
exclude them?

> So I don't think their LICENSE/NOTICE files should end up in our binary
> distribution.  I'm not sure they need to be in the source distribution
> either.
If they are not included in the source package and in the binary
package, then they don't need to be added in the N&L files.

--
Emmanuel Lecharny

Symas.com
directory.apache.org
