[
https://issues.apache.org/jira/browse/HBASE-16260?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15393244#comment-15393244
]
Nick Dimiduk commented on HBASE-16260:
--------------------------------------
bq.I've been unable to prioritize this issue enough given its impact on the
project.
Thanks for making an effort [~busbey]!
bq. Would revert of HBASE-15122 help?
Looks like we'll also need to pop off HBASE-15270, as it makes further use of
the introduced esapi dependency. For an immediate solution, yes, they revert
cleanly and doing so removes the dependencies esapi and beanshell from the
output of dependency:tree. This doesn't help with the larger issue though.
I suggest we move forward with the revert, downgrade this issue from blocker,
and free up RM's. I looked briefly at the rat module source code, it appears to
be only designed to enforce the presence of approved headers in distributed
files. There's nothing I can find about checking metadata on dependencies. Are
we reduced to consuming the DEPENDENCIES report mentioned earlier? Maybe
[~busbey] knows more voodoo than I...
> Audit dependencies for Category-X
> ---------------------------------
>
> Key: HBASE-16260
> URL: https://issues.apache.org/jira/browse/HBASE-16260
> Project: HBase
> Issue Type: Task
> Components: community, dependencies
> Affects Versions: 2.0.0, 1.2.0, 1.3.0, 1.2.1, 1.1.4, 1.0.4, 1.1.5, 1.2.2
> Reporter: Sean Busbey
> Assignee: Sean Busbey
> Priority: Blocker
> Fix For: 2.0.0, 1.1.6, 1.2.3
>
>
> Make sure we do not have category x dependencies.
> right now we atleast have an LGPL for xom:xom (thanks to PHOENIX-3103 for the
> catch)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
