bkkothari2255 commented on PR #74: URL: https://github.com/apache/sling-org-apache-sling-distribution-core/pull/74#issuecomment-3996780439
> hi @bkkothari2255 I doubt that it's that easy, unless filevault 4.2.0 added some package dependency updates, which cannot be fulfilled by an 4.1.4 (the previous version). > > [apache/jackrabbit-filevault@jackrabbit-filevault-4.1.4...jackrabbit-filevault-4.2.0](https://github.com/apache/jackrabbit-filevault/compare/jackrabbit-filevault-4.1.4...jackrabbit-filevault-4.2.0) shows for the `package-info.java` files only a change in formatting, not in any version number. > > For that just updating the filevault-core dependency to 4.2.0 is not good enough. @joerghoh Great catch! I checked the source and you're right—the package version remained 2.16.0 in FileVault 4.2.0 despite the breaking API change. Because of this, standard OSGi won't generate the strict Import-Package we need. @kwin Since we can't rely on the package version to enforce the secure engine, should we use a strict `Require-Bundle` as a workaround here, or just hold this PR until FileVault releases a corrected package version? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
