mbien commented on PR #7826: URL: https://github.com/apache/netbeans/pull/7826#issuecomment-2579537777
> In this PR, only the JARs required to support Kubernetes were added. Regarding whether all of these are necessary: yes, they are. The Kubernetes API is complex, and implementing all the required calls at the REST level is beyond the scope of a single developer. @jhorvath Agreed, proposals which would try to generate or re-implement the k8 model would pretty much guarantee a veto from me since this would be both unmaintainable and also not observable given the API footprint. Using the dependency is the lesser evil there but I would rather try to find ways to avoid this situation entirely. NetBeans was always known for good tooling integration - do doubt. However, this can often also be achieved by integrating with the project build or tools in the environment. A project will likely know how to deploy itself to a cluster since nobody deploys IDEs to CI. NB already bundles maven and gradle which could delegate to plugins. Maybe it can call the cli tool. Delegating to projects, if possible, is often the ideal solution since they know exactly [what versions they have to work with](https://github.com/kubernetes-client/java/wiki/2.-Versioning-and-Compatibility#compatibility). @sdedic @jhorvath Regarding the dependencies specifically. We do know that there is no dependabot and nothing what makes dependency updates a one-click operation in this repo. By integrating this, there is also the shared responsibility (esp from those who approved and merged) to keep those dependencies up to date before releases. We have a manually triggered [dep checker workflow](https://github.com/apache/netbeans/actions/workflows/dependency-checks.yml), but thats where the convenience ends unfortunately. @matthiasblaesing already mentioned it, but this does also add yet another http client which is not ideal from the attack surface perspective. Please check if there is a java.net.http variant, if not, please have especially an eye on that dependency between releases. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
