Le 31/08/2016 à 07:28, Taher Alkhateeb a écrit :
- And for completeness my original proposal, just let Gradle handle it
because:
- You will consume bandwidth either way (server to server or jcenter to
server)
- The build script will be simpler and cleaner
- The deployed system will be open to change in dependencies and
automatically handle it
- Externalizing dependencies is not uncommon at all. It is the default
with Django, Rails, Node.js, and even Java (inside .m2 directory). People
usually do not want to deal with the dependency headache directly in many
newer systems.
Like Scott, it's also OK with me. There is though still one thing I slightly
worry about, as you said
People usually do not want to deal with the dependency headache directly in
many newer systems.
I can understand that!
But I have to check Gradle is doing a good job concerning disclosed
vulnerabilities.
I mean that it always automatically downloads the latest safe external libs versions. I guess it does but I have still to check that. This is the
purpose of OFBIZ-7930
Jacques
