[
https://issues.apache.org/jira/browse/LOG4J2-2037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16307079#comment-16307079
]
Ralph Goers commented on LOG4J2-2037:
-------------------------------------
I came up with the idea of "import scope" and implemented it in Maven, so I
have a pretty good understanding of how it is supposed to be used. The bill of
materials pom file exists so that you can easily include all of the
dependencies for a project and the versions without having to manually specify
them all in your project's pom. It would be inappropriate for log4j to dictate
the versions of other projects you should be using. If you want those projects
you should include the pom files they provide.
Case 2 is especially troubling. You say your project is compiling with SLF4J
and Log4j 2 is only needed at run time. Yet you want Log4j to bring in the
version of SLF4J? That really doesn't make a lot of sense.
I am closing this as I don't it is something we would want to do.
> Include SLF4J in log4j-bom
> --------------------------
>
> Key: LOG4J2-2037
> URL: https://issues.apache.org/jira/browse/LOG4J2-2037
> Project: Log4j 2
> Issue Type: Improvement
> Affects Versions: 2.9.0
> Environment: Maven
> Reporter: Arend v. Reinersdorff
>
> Currently log4j-bom only includes Log4j 2 dependencies. It would be nice
> log4j-bom would also include an slf4j-api dependency (and maybe other
> optional dependencies).
> Currently when using Log4j 2 as a backend for SLF4J the Maven dependency
> management would look like this:
> {code:xml}
> <dependencyManagement>
> <dependencies>
> <dependency>
> <groupId>org.slf4j</groupId>
> <artifactId>slf4j-api</artifactId>
> <version>1.7.25</version> <!-- Must match dependency version
> of log4j-bom -->
> </dependency>
> <dependency>
> <groupId>org.apache.logging.log4j</groupId>
> <artifactId>log4j-bom</artifactId>
> <version>2.9.0</version>
> <type>pom</type>
> <scope>import</scope>
> </dependency>
> </dependencies>
> </dependencyManagement>
> {code}
>
> If log4j-bom would specify a dependency for slf4j-api:
> * Dependency management entry for slf4j-api would no longer be needed
> * Keeping the dependency versions of Log4j 2 and SLF4J in sync would much
> easier. When the dependency version of log4j-bom is increased, it would
> automatically set the dependency version of slf4j-api.
> As an example see [spring-boot-dependencies |
> http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22org.springframework.boot%22%20AND%20a%3A%22spring-boot-dependencies%22]
> BOM which conveniently specifies many optional Spring Boot dependencies.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
