Josh,

I put up a PR to move Rya to findbugs-annotations [1]. Besides removing
some annotations, the biggest change was to go from "import
javax.annotation.Nullable" to "import
edu.umd.cs.findbugs.annotations.Nullable".  Does that look correct?

I went over to Apache Phoenix to see how they deal with the package names
for the findbugs-annotations, and it appears that Phoenix still uses
"javax.annotation.Nullable" and has a direct dependency on findbugs:jsr305
[2].

--Aaron

[1] https://github.com/apache/incubator-rya/pull/115
[2] https://github.com/apache/phoenix/blob/master/pom.xml#L864


On Mon, Oct 17, 2016 at 2:58 PM Aaron D. Mihalik <aaron.miha...@gmail.com>
wrote:

> I meant "fluo has a transitive dependency on findbugs:jsr305". I agree
> that findbugs-annotations is good and jsr305 is bad.
>
> On Mon, Oct 17, 2016 at 2:51 PM Puja Valiyil <puja...@gmail.com> wrote:
>
> Yea findbugs-annotations is not LGPL:
> https://github.com/stephenc/findbugs-annotations
> It appears to be Apache 2, though Aaron you should verify.
>
> On Mon, Oct 17, 2016 at 11:19 AM, Aaron D. Mihalik <
> aaron.miha...@gmail.com>
> wrote:
>
> > fluo has a transitive dependency on findbugs-annotations, not direct.
> >
> > My issue is that com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
> > isn't in maven central.  I think it would be straightforward for us to
> > exclude and replace with c.g.s.f:findbugs-annotations:3.0.1-1, but it's
> > going to be difficult with earlier versions of
> > c.g.s.f:findbugs-annotations.
> >
> > I'll take a closer look at it today, though.
> >
> > --Aaron
> >
> >
> > On Sun, Oct 16, 2016 at 5:51 PM Josh Elser <josh.el...@gmail.com> wrote:
> >
> > > Also, over in Apache Phoenix, we're using
> > > com.github.stephenc.findbugs:findbugs-annotations:1.3.9-1. Maybe I gave
> > > some bad advice on the GAV to use the first time around :)
> > >
> > > Josh Elser wrote:
> > > > A (Maven) repo? It's published central -- you shouldn't have to do
> > > > anything extra to get it. Sonatype is automatically mirrored to central
> > > > (like Apache is).
> > > >
> > > > Also, Fluo is depending on this directly? Or just transitively? I am
> > > > hoping I did not miss it directly depending...
> > > >
> > > > No, it's not ok :). You're bundling code whose license is dodgy. Either
> > > > way you need to exclude the Findbugs' findbugs-annotations from these
> > > > dependencies. Whether or not you replace in c.g.s.f:findbugs-annotations
> > > > instead is up to you (not sure if you would run into problems)
> > > >
> > > > Aaron D. Mihalik wrote:
> > > >> Anyone know where I can find a repo for this artifact:
> > > >>
> > > >> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
> > > >>
> > > >> stephenc lists the Repositories here [1] but I can't find the latest
> > > >> release in those mentioned repos (i.e. here [2] or here [3])
> > > >>
> > > >> I don't think we'll have this resolved for RC2, but I'm hoping that's
> > > >> okay because other projects depend on findbugs:jsr305 (i.e. hadoop and
> > > >> fluo).
> > > >>
> > > >> --Aaron
> > > >>
> > > >>
> > > >> [1] http://stephenc.github.io/findbugs-annotations/distribution-management.html
> > > >>
> > > >> [2] https://oss.sonatype.org/content/repositories/releases/com/github/stephenc/findbugs/findbugs-annotations/
> > > >>
> > > >> [3] https://repo.maven.apache.org/maven2/com/github/stephenc/findbugs/findbugs-annotations/
> > > >>
> > > >>
> > >
> >
>
>
