On Mon, Jul 14, 2008 at 2:44 PM, Alan D. Cabrera <[EMAIL PROTECTED]> wrote:
> > Let's keep in mind what we are building. This is not something to help my >>> dad's office assistant make a web site to post pictures of his kids. >>> It's a >>> security framework. People arrive at this this task with girded loins. >>> The >>> LAST thing you want is automagical things going on behind the scenes, >>> especially when it comes to security. >>> >> >> This is where I believe you're mistaken. I know our current end-user >> community better than anyone on this list. There has been an >> overwhelming feedback from users - many of whom are brand new to Java, >> let alone web applications, that rave about the simplicity of our >> framework and how easy it is to set up. The big mantra of this >> project is "we make life easy for you whenever possible, but make it >> flexible when you need it". This is NOT a low-level framework for >> those well-versed in Java. It is a framework for pretty much any >> skill level. >> > > > Ok, now we're getting somewhere. This is compelling to me. > > Why not have > > jsecurity-core - SLF4J API > jsecurity - jsecurity-core plus SLF4J implementation that implements your > algorithm > > Everyone gets what they want. Core developers code against a known, > robust, logging API. Novice users get their dependency free and simple jar. > +1 This was a compromise I wanted to suggest but you beat me to it :-). I think this is the best approach that ameliorates Les' concerns while avoiding a the issues that a custom logging API may introduce. Regards, Alex P.S. If I had a nickel for every time this very same logging issue arose on an OS project I'd be a very rich man. -- Microsoft gives you Windows, Linux gives you the whole house ...
