[jira] [Commented] (HBASE-20257) hbase-spark should not depend on com.google.code.findbugs.jsr305

Thu, 22 Mar 2018 09:14:40 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-20257?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16409787#comment-16409787
 ] 

Sean Busbey commented on HBASE-20257:
-------------------------------------

Isn't this a known issue?

{code}
 <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <executions>
          <!-- purposefully have jsr 305 exclusion only warn in this module -->
          <execution>
            <id>banned-jsr305</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <fail>false</fail>
            </configuration>
          </execution>
{code}

In any other module it would fail. Looking at the pom, we expressly have 
entries marking that dependency from upstream as provided. I'd guess because 
they need it.

I suggest digging in to e.g. the commit history on the warning status and/or 
dependency status, then doing one of (in decreasing preference):

1) removing the dependency if we can
2) updating the output of the enforcer plugin to clarify what's going on
3) updating the note in the pom to clarify what's going on

this way devs in the future are less likely to get concerned about the message 
you saw.

> hbase-spark should not depend on com.google.code.findbugs.jsr305
> ----------------------------------------------------------------
>
>                 Key: HBASE-20257
>                 URL: https://issues.apache.org/jira/browse/HBASE-20257
>             Project: HBase
>          Issue Type: Bug
>          Components: build
>            Reporter: Ted Yu
>            Priority: Major
>
> The following can be observed in the build output of master branch:
> {code}
> [WARNING] Rule 0: org.apache.maven.plugins.enforcer.BannedDependencies failed 
> with message:
> We don't allow the JSR305 jar from the Findbugs project, see HBASE-16321.
> Found Banned Dependency: com.google.code.findbugs:jsr305:jar:1.3.9
> Use 'mvn dependency:tree' to locate the source of the banned dependencies.
> {code}
> Here is related snippet from hbase-spark/pom.xml:
> {code}
>     <dependency>
>       <groupId>com.google.code.findbugs</groupId>
>       <artifactId>jsr305</artifactId>
> {code}
> Dependency on jsr305 should be dropped.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to