Michael Vorburger.ch created FINERACT-761:
---------------------------------------------
Summary: Use of (unmaintained) Drizzle JDBC driver in Fineract
Build (not run-time) prevents upgrading Flyway <- Gradle
Key: FINERACT-761
URL: https://issues.apache.org/jira/browse/FINERACT-761
Project: Apache Fineract
Issue Type: Bug
Components: Build
Reporter: Michael Vorburger.ch
Assignee: Michael Vorburger.ch
Raising an issue for a discussing dedicated to the mess that is blocking
FINERACT-700 from proceeding:
[https://lists.apache.org/thread.html/3fade23ba553a248481bd6e066cea1548d800be1454da16bb5d2c038@%3Cdev.fineract.apache.org%3E]
The TL;DR is that the Apache Fineract project is stuck on very ancient versions
of a number of 3rd party tools and libraries, including the Gradle Build tools,
JDBC driver, automated code quality tools like FindBugs (which has security
related impacts; more recent versions would permit switching to SpotBugs and
add automated SQL injection vulnerability scanning and the like).
It's a long tail of depencies, but ultimately it boils down to having to talk
to a MariaDB server using the bygone obsolete Drizzle JDBC driver which is can
be seen on https://github.com/krummas/DrizzleJDBC is simply dead -
unmaintained. The obvious solution is to switch to using the current
MariaDB.org (but not Oracle.com...) Connector/J JDBC driver, see
https://downloads.mariadb.org/connector-java/. But there are hesitations to do
this due to legal concerns, see FINCN-26 (which is for Fineract CN not for
Fineract "Classic", but same story).
Not entirely sure how to proceed here. In theory, I guess the options are:
1. Asking the Fineract project to somehow step up to maintain Drizzle? Seems
unreasonable.
2. See if there is any way that the impasse on the legal side could be
resolved? Perhaps at least for a build time tool which is not shipped there
could be an exception? I'll open a JIRA issue get an official viewpoint from
the Apache.org Legal Affairs Committee...
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
