On 7/28/2016 1:47 AM, Andrew Dinn wrote:
A descriptor (module-info.class) baked into a 3rd party jar at release
cannot be altered without getting the 3rd party to update and re-release
the jar -- at which point other components then also need to change and
be re-released in consequence. Meanwhile further components will have
had to change to patch bugs or security issues and the whole cycle
starts all over again.
By contrast a descriptor (or suite of descriptors) independent from the
described components can be updated without having to get multiple 3rd
parties to be involved in re-creating the described components. This
latter route has indeed been followed by those who have had to build
systems at this scale for exactly this reason.
Down-thread, Alan asked for examples of the changes you've made to a 3rd
party's descriptor, but I think you're raising "descriptor baked into a
3rd party jar" as a concern for modules delivered in the future rather
than for JAR files you have on hand today. I think this because Sanne
Grinovero spoke on 7/12 of CREATING descriptors from scratch:
"In fact in my team we also have experience "packaging" lots of these
OSS Java libraries into JBoss Modules, and have always appreciated that
- as an assembler - with JBoss Modules I can define the dependencies via
external metadata, without having to recompile or have to reassemble the
jar. As you [meaning John Rose] suggest, it is indeed useful to be able
to override the intent of the library authors, especially as different
libraries are developed by independent teams / communities / companies."
I assume the "intent of the library authors" is found in the POM, and he
translate it to module.xml [1] with occasional tweaks to add, remove,
and optionalize dependencies.
Am I on track?
Alex
[1] https://docs.jboss.org/author/display/MODULES/Module+descriptors
