+1
On 8/6/13 9:10 AM, Dave wrote:
+1
We need to provide ways for people to plugin things like this instead of
adding deps to Roller.
- Dave
On Tue, Aug 6, 2013 at 12:08 PM, Glen Mazza <glen.ma...@gmail.com> wrote:
Hi Team, I was looking at simplifying the number of external repositories
that Roller relies on, with the hopes that everything it needs it can find
from Maven Central, speeding up initial downloads and builds in the
process. (I think it's also a good selling point for Roller that it can be
built purely with the vanilla deps from Central.) And we've gone from 5 to
2 repos in our app/pom.xml: just Central and Atlassian's, the latter
needed (https://developer.atlassian.**com/display/CROWDDEV/Maven+2+**
Integration<https://developer.atlassian.com/display/CROWDDEV/Maven+2+Integration>)
only for the Atlassian Crowd SSO dependencies added in February 2012 based
on a donation from Nick Padilla (https://issues.apache.org/**
jira/browse/ROL-1933 <https://issues.apache.org/jira/browse/ROL-1933>).
I'd like to remove Crowd support from Roller--I have no problem with
accepting patches that facilitate linkage with external SSO solutions,
including commercial ones like Crowd (https://www.atlassian.com/**
software/crowd/overview<https://www.atlassian.com/software/crowd/overview>),
but directly incorporating this solution into Roller is problematic, namely:
1.) According to the Crowd site, their JARs are not open source but
proprietary: https://www.atlassian.com/**licensing/purchase-licensing#**
source-2 <https://www.atlassian.com/licensing/purchase-licensing#source-2>and
the source code is not freely available. The Atlassian repo does not
supply the source code: https://maven.atlassian.com/**
content/repositories/**atlassian-public/com/**atlassian/crowd/crowd-**
integration-client-rest/2.4.0/<https://maven.atlassian.com/content/repositories/atlassian-public/com/atlassian/crowd/crowd-integration-client-rest/2.4.0/>
**. So I don't think we can incorporate their JARs (no more than we could
those of WebLogic or WebSphere) into Roller distributions. Even LGPL is out
of the question with Apache, proprietary JARs without source can't be much
better.
2.) I don't see how we can maintain this dependency. It's using 2.4.0 and
18 months later Crowd is up to 2.6.4, and about to ship 2.7.0. Nobody here
has the time or inclination to study up on Atlassian proprietary products
to keep the code up-to-date (let alone register for Crowd access and accept
a bunch of legalese to test it), nor are we in a position to say that the
supplied code is safe and reliable to use. There are open source SSO
solutions -- Apache Syncope maybe -- that might be healthier for Roller to
provide built-in support in the future for.
Nick's Crowd implementation consists of just two small classes in Roller,
I think he can just post those classes on GitHub, and add a reference to
them from the Apache Roller Wiki site about how to hack Roller to put those
classes & dependencies in for the small minority using Crowd. (I've
checked Nick's two websites, he doesn't appear to be using Roller today
anyway, however he may be for an internal solution, I don't know.) WDYT?
Regards,
Glen
