Thanks for the tip Taher
Jacques
On 31/08/2016 at 13:11, Taher Alkhateeb wrote:
Hi Jacques, yes, security is another topic and we can start a new thread on
that if you wish. Suffice to say in here that dependency management in
Gradle, although automatic, allows you to customize dependencies. You can use
patterns to say give me the latest minor version or latest major version or
exclude this transitive dependency and so on and so forth.
On Aug 31, 2016 2:03 PM, "Jacques Le Roux" <[email protected]>
wrote:
On 31/08/2016 at 07:28, Taher Alkhateeb wrote:
- And for completeness my original proposal, just let Gradle handle it
because:
- You will consume bandwidth either way (server to server or jcenter to
server)
- The build script will be simpler and cleaner
- The deployed system will be open to change in dependencies and
automatically handle it
- Externalizing dependencies is not uncommon at all. It is the default
with Django, Rails, Node.js, and even Java (inside .m2 directory). People
usually do not want to deal with the dependency headache directly in many
newer systems.
Like Scott, it's also OK with me. There is though still one thing I
slightly worry about, as you said
People usually do not want to deal with the dependency headache directly
in many newer systems.
I can understand that!
But I have to check Gradle is doing a good job concerning disclosed
vulnerabilities.
I mean that it always automatically downloads the latest safe external
libs versions. I guess it does but I have still to check that. This is the
purpose of OFBIZ-7930
Jacques
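
The dependency customizations discussed in this thread (version patterns, excluding a transitive dependency), as an added `build.gradle` example that is not part of the original messages or of the OFBiz build. All `com.example` coordinates and version numbers are hypothetical placeholders, and the `plugins`/`implementation`/`mavenCentral()` syntax assumes a current Gradle release rather than the one in use in 2016.

```groovy
// build.gradle -- constructed example; every com.example coordinate is hypothetical
plugins {
    id 'java'
}

repositories {
    mavenCentral()   // assumption: any Maven-style repository works the same way
}

dependencies {
    // Dynamic selector: newest 2.3.x published in the repository
    implementation 'com.example:example-core:2.3.+'

    // Dynamic selector: newest 2.x (any minor version within major version 2)
    implementation 'com.example:example-util:2.+'

    // Dynamic selector: newest release of any major version
    implementation 'com.example:example-tools:latest.release'

    // Fixed version, with one of its transitive dependencies excluded
    implementation('com.example:example-web:1.4.2') {
        exclude group: 'com.example.legacy', module: 'legacy-xml'
    }
}

configurations.all {
    resolutionStrategy {
        // Dynamic selectors are cached (24 hours by default); re-resolve on every build
        cacheDynamicVersionsFor 0, 'seconds'

        // Fail the build when two dependency paths ask for different versions
        // of the same module, so the choice is made by a person
        failOnVersionConflict()

        // Pin one module to a reviewed version wherever it appears in the graph,
        // including as a transitive dependency
        force 'com.example:example-parser:3.1.4'
    }
}

// Note: a dynamic selector picks the highest matching version that is published.
// Gradle's resolver does not consult vulnerability advisories when choosing it.
```

Running `gradle dependencies --configuration runtimeClasspath` prints the versions that were actually selected, which is the list to compare against published advisories.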