Re: [**EXTERNAL**] Re: Future of Ivy and IvyDE
Thank you for all your years of work on Ivy. Ivy is the only dependency resolver that I know that supports branches during resolution. Even Gradle does not have first class support for branches. Martin From: Jaikiran Pai Sent: October 8, 2024 10:56 AM To: Ant Developers List Cc: u...@ant.apache.org ; ivy-u...@ant.apache.org Subject: [**EXTERNAL**] Re: Future of Ivy and IvyDE Hello everyone, Here's an update to this discussion - for reasons noted in this discussion, the Ant PMC no longer has the ability to maintain Ivy project. This thread was started more than a year back and we were hoping that if there was enough interest then there would be some proposals to fork the project or maintain the project outside of the Ant PMC by people who have the ability to provide continued maintenance to the Ivy project. Given the current status, the Ant PMC is considering initiating a vote to retire the Ivy project (like we did for the IvyDE project). We plan to initiate the vote next month (November) just to allow a few more weeks for anyone to step forward if they would like to maintain the project. -Jaikiran On 22/08/23 9:32 pm, Stefan Bodewig wrote: > Hi all > > before I get to the actual content of this mail: > > * I'm cross-posting to three lists but I ask you to keep responses to >dev@ant only (and join the list if necessary) if you want to respond. > > * what I write is my personal opinion and not shared by the PMC as a >whole. The people on the PMC know I'd be writing a mail like this >sooner or later, though. > > * this is a discussion, not a vote. > > phew > > I'm not quite sure what I hope to achieve with this email, but I'd like > to share my thoughts - and raise the awareness of an elephant being in > the room. > > Over the past year we've had three security vulnerabilities discovered > in Ivy and it took us much too long to get them fixed. The reason for > this is there are no people left around who are familiar with the Ivy > code base. Most of the remaining developers around Ant are not even > users of Ivy - I know I am not and have never been. > > When it comes to IvyDE things are probably even worse as nobody of us > uses Eclipse, either. But then again I've not managed to create an > Eclipse update site for the last two Ivy releases so maybe nobody is > using IvyDE anymore anyway. > > At least *I* don't see myself digging deeper into the Ivy code base in > order to fix non-critical bugs. And even for the critical ones I feel we > are not doing an adequate job. To me it looks as if Ivy and in > particilar IvyDE are no longer really supported by the Ant project. > > TBH I'm not quite sure what to do about this. Even if people stepped up > to maintain Ivy, the rest of the Ant devs would probably be unable to > verify the changes they want to make. At least I certainly am not > willing to review bigger PRs/patches to a code base I don't understand > well. > > Personally I believe we should send IvyDE to the Apache Attic > immediately, and this likely should be the destination for Ivy sooner or > later as well. In the case of Ivy we know there are people who depend on > it (hi, Groovy folks) so maybe we should give a date in the future until > which we are providing security bug fixes to give people time to move > off. > > There may be the need for a dependency management system inside of Ant, > I'm not sure. If so, then this should be driven by people who feel the > actual need IMO. There may already be alternatives to Ivy I am not aware > of. > > Stefan > > - > To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org > For additional commands, e-mail: dev-h...@ant.apache.org
Re: Future of Ivy and IvyDE
Hello everyone, Here's an update to this discussion - for reasons noted in this discussion, the Ant PMC no longer has the ability to maintain Ivy project. This thread was started more than a year back and we were hoping that if there was enough interest then there would be some proposals to fork the project or maintain the project outside of the Ant PMC by people who have the ability to provide continued maintenance to the Ivy project. Given the current status, the Ant PMC is considering initiating a vote to retire the Ivy project (like we did for the IvyDE project). We plan to initiate the vote next month (November) just to allow a few more weeks for anyone to step forward if they would like to maintain the project. -Jaikiran On 22/08/23 9:32 pm, Stefan Bodewig wrote: Hi all before I get to the actual content of this mail: * I'm cross-posting to three lists but I ask you to keep responses to dev@ant only (and join the list if necessary) if you want to respond. * what I write is my personal opinion and not shared by the PMC as a whole. The people on the PMC know I'd be writing a mail like this sooner or later, though. * this is a discussion, not a vote. phew I'm not quite sure what I hope to achieve with this email, but I'd like to share my thoughts - and raise the awareness of an elephant being in the room. Over the past year we've had three security vulnerabilities discovered in Ivy and it took us much too long to get them fixed. The reason for this is there are no people left around who are familiar with the Ivy code base. Most of the remaining developers around Ant are not even users of Ivy - I know I am not and have never been. When it comes to IvyDE things are probably even worse as nobody of us uses Eclipse, either. But then again I've not managed to create an Eclipse update site for the last two Ivy releases so maybe nobody is using IvyDE anymore anyway. At least *I* don't see myself digging deeper into the Ivy code base in order to fix non-critical bugs. And even for the critical ones I feel we are not doing an adequate job. To me it looks as if Ivy and in particilar IvyDE are no longer really supported by the Ant project. TBH I'm not quite sure what to do about this. Even if people stepped up to maintain Ivy, the rest of the Ant devs would probably be unable to verify the changes they want to make. At least I certainly am not willing to review bigger PRs/patches to a code base I don't understand well. Personally I believe we should send IvyDE to the Apache Attic immediately, and this likely should be the destination for Ivy sooner or later as well. In the case of Ivy we know there are people who depend on it (hi, Groovy folks) so maybe we should give a date in the future until which we are providing security bug fixes to give people time to move off. There may be the need for a dependency management system inside of Ant, I'm not sure. If so, then this should be driven by people who feel the actual need IMO. There may already be alternatives to Ivy I am not aware of. Stefan - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
Re: Future of Ivy and IvyDE
Hi Eric On 2023-12-04, Eric Milles wrote: > It sounds to me like Ivy and IvyDE -- even as a retired subproject -- should > move out from under Apache Ant. Just for my clarity, is Apache Ivy a > top-level project or a subproject of Apache Ant? The top level ASF project here is "Apache Ant" and the corresponding PMC oversees the Ant build tool, Apache Ivy, a few "Antlibs" and up to their retirement IvyDE, EasyAnt and Antidote. You may be aware of ASF discussions on the term "subproject" in other places. We've called Ivy and IvyDE "projects", but that's just a word. They are/have been components with releases the Ant PMC voted on - just like the Ant build tool. Technically the Ant top-level project has a single set of committers who are committers to all Ant "projects" and release votes have always involved the full PMC. Does that help? Cheers Stefan - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
Re: Future of Ivy and IvyDE
If this happens I will donate and admin a new MySDK.org website for the ASF FOSS user group community. I am a major fan of ANT and see IVY and Eclipse IDE bridge as critical. I will set up an email contact for me tonight at r...@mysdk.org if you to reach me in the future. Kind regards. m...@craighunt.us On Mon, Dec 4, 2023, 10:15 AM Eric Milles wrote: > Hello, > I was just made aware of this discussion and thought I would share a bit. > We use Ant+Ivy and Eclipse+IvyDE here (Thomson Reuters) to support dozens > of java projects. IvyDE has been working very well for the past many years > and I have only minor issues with it form time to time. Mostly an eclipse > restart and ivy refresh fixes it. So a big "thank you" to all the > maintainers over the years. Ant+Ivy has kept us out of Maven or Gradle > tangles. > > In terms of ongoing maintenance, I have picked up the Groovy Eclipse tools > (https://github.com/groovy/groovy-eclipse) and the Microsoft Team > Explorer tools (https://github.com/microsoft/team-explorer-everywhere), > so I do have experience with Eclipse IDE development. If someone wants > help getting builds run and update sites created and verified, I can help > with that. If there are bugs in IvyDE that need attention, I could help > with that as well. > > It sounds to me like Ivy and IvyDE -- even as a retired subproject -- > should move out from under Apache Ant. Just for my clarity, is Apache Ivy > a top-level project or a subproject of Apache Ant? > > Eric Milles > ASF member/contributor > Apache Groovy PMC member > > On 2023/09/05 16:52:38 Nicolas Lalevée wrote: > > Hi there, > > > > I used to be involved, especially in IvyDE, and as many, my build tools > and my IDE changed (for the IDE I am glad, not for the build tools…). So I > had no particular interest of doing any maintenance, so much that lost > track of the last releases of Ivy, where I could help. Many many thanks for > those still around keep things not completely stalled, especially for those > who doesn’t know the code base. > > > > For IvyDE, we wanted to retire it some years ago. The community raised > some interests, so we didn’t proceed. But many years later, the proof is > that is not maintained. Me too, I think it should be retired now. > > > > For the current IvyDE users, it shouldn’t be a concern that IvyDE is > retired as an Apache project. You will still be able to continue to use the > plugin. The released artifacts of the updatesite are archived [1] and won’t > disappear. We would just announcing officially what in practice happens: it > is not maintained anymore. > > > > And we tried our best to be opened on how to build and release the > plugin and the updatesite, it is documented [2]. On my machine which just > have Ant and Java installed, I just tried and I have been able to build of > the updatesite with the last release of Ivy without much effort. Doing a > proper Apache release of that is another subject, there are signatures, at > least verify that it actually works in a real Eclipse, votes, and so on. > And adding features and even fixing bugs is a very big step to get > involved, it requires a complete Eclipse SDK setup. But at least headless, > if it is required, I think anybody motivated enough should be able to re > build it locally, the updatesite too. It wouldn’t be as much user friendly > as it is today, but you should be able to work with your preferred IDE and > dependency manager for as long as Eclipse is having 4.x versions. > > > > Due to my particular former involvement in IvyDE (I know it well), and > my lack of involvement in the Ant community lately (I don’t read all > mailinglists), if you have issues with the build or the code of IvyDE, you > can mail on ant-dev@ and CC me directly. > > > > That’s for IvyDE. For Ivy, it kind of feels different due to the general > usage which continues to exists, as we can see people are searching > vulnerabilities in it. > > > > I am very sorry to read about missed opportunities to help new > contributors, I didn’t saw them, very sorry about that. > > > > Then, acknowledging that even fixing vulnerabilities is painful to the > community, I think we should accept to declare that we officially stop the > maintenance, stop the burden on people involved in the Ant project. > > > > I hear the user community that we should still try our best to keep > maintaining it, it is still worth it, I understand. > > > > So maybe we can declare a last call. The last maintenance window where > only vulnerabilities will be fixed. Months ? 6 ? And hope that before that > deadline, there are some interested parties that are willing to do proper > maintenance over the project, here at Apache or elsewhere. > > > > Nicolas > > > > [1] https://archive.apache.org/dist/ant/ivyde/updatesite/ > > [2] https://ant.apache.org/ivy/ivyde/history/latest-milestone/dev.html > > > > > Le 22 août 2023 à 18:02, Stefan Bodewig a écrit : > > > > > > Hi all > > > > > > before I get t
Re: Future of Ivy and IvyDE
Hello, I was just made aware of this discussion and thought I would share a bit. We use Ant+Ivy and Eclipse+IvyDE here (Thomson Reuters) to support dozens of java projects. IvyDE has been working very well for the past many years and I have only minor issues with it form time to time. Mostly an eclipse restart and ivy refresh fixes it. So a big "thank you" to all the maintainers over the years. Ant+Ivy has kept us out of Maven or Gradle tangles. In terms of ongoing maintenance, I have picked up the Groovy Eclipse tools (https://github.com/groovy/groovy-eclipse) and the Microsoft Team Explorer tools (https://github.com/microsoft/team-explorer-everywhere), so I do have experience with Eclipse IDE development. If someone wants help getting builds run and update sites created and verified, I can help with that. If there are bugs in IvyDE that need attention, I could help with that as well. It sounds to me like Ivy and IvyDE -- even as a retired subproject -- should move out from under Apache Ant. Just for my clarity, is Apache Ivy a top-level project or a subproject of Apache Ant? Eric Milles ASF member/contributor Apache Groovy PMC member On 2023/09/05 16:52:38 Nicolas Lalevée wrote: > Hi there, > > I used to be involved, especially in IvyDE, and as many, my build tools and > my IDE changed (for the IDE I am glad, not for the build tools…). So I had no > particular interest of doing any maintenance, so much that lost track of the > last releases of Ivy, where I could help. Many many thanks for those still > around keep things not completely stalled, especially for those who doesn’t > know the code base. > > For IvyDE, we wanted to retire it some years ago. The community raised some > interests, so we didn’t proceed. But many years later, the proof is that is > not maintained. Me too, I think it should be retired now. > > For the current IvyDE users, it shouldn’t be a concern that IvyDE is retired > as an Apache project. You will still be able to continue to use the plugin. > The released artifacts of the updatesite are archived [1] and won’t > disappear. We would just announcing officially what in practice happens: it > is not maintained anymore. > > And we tried our best to be opened on how to build and release the plugin and > the updatesite, it is documented [2]. On my machine which just have Ant and > Java installed, I just tried and I have been able to build of the updatesite > with the last release of Ivy without much effort. Doing a proper Apache > release of that is another subject, there are signatures, at least verify > that it actually works in a real Eclipse, votes, and so on. And adding > features and even fixing bugs is a very big step to get involved, it requires > a complete Eclipse SDK setup. But at least headless, if it is required, I > think anybody motivated enough should be able to re build it locally, the > updatesite too. It wouldn’t be as much user friendly as it is today, but you > should be able to work with your preferred IDE and dependency manager for as > long as Eclipse is having 4.x versions. > > Due to my particular former involvement in IvyDE (I know it well), and my > lack of involvement in the Ant community lately (I don’t read all > mailinglists), if you have issues with the build or the code of IvyDE, you > can mail on ant-dev@ and CC me directly. > > That’s for IvyDE. For Ivy, it kind of feels different due to the general > usage which continues to exists, as we can see people are searching > vulnerabilities in it. > > I am very sorry to read about missed opportunities to help new contributors, > I didn’t saw them, very sorry about that. > > Then, acknowledging that even fixing vulnerabilities is painful to the > community, I think we should accept to declare that we officially stop the > maintenance, stop the burden on people involved in the Ant project. > > I hear the user community that we should still try our best to keep > maintaining it, it is still worth it, I understand. > > So maybe we can declare a last call. The last maintenance window where only > vulnerabilities will be fixed. Months ? 6 ? And hope that before that > deadline, there are some interested parties that are willing to do proper > maintenance over the project, here at Apache or elsewhere. > > Nicolas > > [1] https://archive.apache.org/dist/ant/ivyde/updatesite/ > [2] https://ant.apache.org/ivy/ivyde/history/latest-milestone/dev.html > > > Le 22 août 2023 à 18:02, Stefan Bodewig a écrit : > > > > Hi all > > > > before I get to the actual content of this mail: > > > > * I'm cross-posting to three lists but I ask you to keep responses to > > dev@ant only (and join the list if necessary) if you want to respond. > > > > * what I write is my personal opinion and not shared by the PMC as a > > whole. The people on the PMC know I'd be writing a mail like this > > sooner or later, though. > > > > * this is a discussion, not a vo
Re: Trying my hands at an ivy-updatesite (was Re: Future of Ivy and IvyDE)
Hi Stefan: Thanks for trying this out. I can confirm that I was able to just now update my version of the ivy lib+ant tasks to latest 2.5.2 with Eclipse 2022-03, using the updatesite you published at the URL you linked in the last message. However, the updatesite you generated contained only info for ivy and not the latest released IvyDE version. If you were able to build (or at lease stage the artifacts for) that last IvyDE version, maybe re-running that ant target would create an updatesite for both together like it used to be. Maybe Nicolas can chime in on this so we can have one last complete ivy-updatesite. I can confirm that ivy 2.5.2 works just fine with IvyDE 2.2.0-final. Also, either way the final URL for whatever we end up with should be published to just (which I believe is the documented URL): https://dist.apache.org/repos/dist/dev/ant/ivyde/updatesite/ Really appreciate your efforts here. Thanks, Jason On 11/19/2023 8:16 AM, Stefan Bodewig wrote: CAUTION: This email originated from outside the State of Alaska mail system. Do not click links or open attachments unless you recognize the sender and know the content is safe. On 2023-09-05, Nicolas Lalevée wrote: And we tried our best to be opened on how to build and release the plugin and the updatesite, it is documented [2]. On my machine which just have Ant and Java installed, I just tried and I have been able to build of the updatesite with the last release of Ivy without much effort. Many thanks for the pointer, Nicolas. In my case it immediately stopped with , | eclipse-startup-check: | | BUILD FAILED | /home/stefan/devel/ASF/ivy-updatesite/build.xml:39: An Eclipse install is needed to run the build. Set your Eclipse install dir into the baseLocation property. ` and I haven't got any idea of which version of Eclipse I'd need to install. So I went with 202309 and kept my fingers crossed. At least the build proceeded. https://dist.apache.org/repos/dist/dev/ant/ivyde/updatesite/ivy-2.5.2.final_20230817170011/ is what I created. TBH I have no idea what I have created and signed - nor do I have any way of verifying it works. If anybody wants - and is able - to check what I've created, I'd be grateful. Even then I don't really feel comfortable calling for a vote on something I don't even trust myself. Cheers Stefan [2]https://ant.apache.org/ivy/ivyde/history/latest-milestone/dev.html - To unsubscribe, e-mail:dev-unsubscr...@ant.apache.org For additional commands, e-mail:dev-h...@ant.apache.org -- Jason Guild Systems Programmer Alaska Department of Transportation & Public Facilities Program Management and Administration 820 E. 15th Ave. Anchorage, Alaska 99501
Re: Trying my hands at an ivy-updatesite (was Re: Future of Ivy and IvyDE)
> Le 19 nov. 2023 à 18:16, Stefan Bodewig a écrit : > > On 2023-09-05, Nicolas Lalevée wrote: > >> And we tried our best to be opened on how to build and release the >> plugin and the updatesite, it is documented [2]. On my machine which >> just have Ant and Java installed, I just tried and I have been able to >> build of the updatesite with the last release of Ivy without much >> effort. > > Many thanks for the pointer, Nicolas. > > In my case it immediately stopped with > > , > | eclipse-startup-check: > | > | BUILD FAILED > | /home/stefan/devel/ASF/ivy-updatesite/build.xml:39: An Eclipse install is > needed to run the build. Set your Eclipse install dir into the baseLocation > property. > ` > > and I haven't got any idea of which version of Eclipse I'd need to > install. So I went with 202309 and kept my fingers crossed. At least the > build proceeded. > > https://dist.apache.org/repos/dist/dev/ant/ivyde/updatesite/ivy-2.5.2.final_20230817170011/ > is what I created. TBH I have no idea what I have created and signed - > nor do I have any way of verifying it works. > > If anybody wants - and is able - to check what I've created, I'd be > grateful. Even then I don't really feel comfortable calling for a vote > on something I don't even trust myself. Thank you Stefan to have tried, and successfully build an Eclipse updatesite ! (I admit I didn’t validated them functionally, I just looked at the files). It reassures me that the scripts are still working, not only on my machine, even for someone not used to this very particular build system. Considering the ongoing vote on IvyDE retirement, I don’t think we need to make them official Apache release artifacts. Anyone actually interested to have this plugin installed in his Eclipse should be able to be rebuild it. If in the future there is a newer version of Ivy, the situation will be the same. Nicolas > > Cheers > >Stefan > >> [2] https://ant.apache.org/ivy/ivyde/history/latest-milestone/dev.html > > - > To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org > For additional commands, e-mail: dev-h...@ant.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
Trying my hands at an ivy-updatesite (was Re: Future of Ivy and IvyDE)
On 2023-09-05, Nicolas Lalevée wrote: > And we tried our best to be opened on how to build and release the > plugin and the updatesite, it is documented [2]. On my machine which > just have Ant and Java installed, I just tried and I have been able to > build of the updatesite with the last release of Ivy without much > effort. Many thanks for the pointer, Nicolas. In my case it immediately stopped with , | eclipse-startup-check: | | BUILD FAILED | /home/stefan/devel/ASF/ivy-updatesite/build.xml:39: An Eclipse install is needed to run the build. Set your Eclipse install dir into the baseLocation property. ` and I haven't got any idea of which version of Eclipse I'd need to install. So I went with 202309 and kept my fingers crossed. At least the build proceeded. https://dist.apache.org/repos/dist/dev/ant/ivyde/updatesite/ivy-2.5.2.final_20230817170011/ is what I created. TBH I have no idea what I have created and signed - nor do I have any way of verifying it works. If anybody wants - and is able - to check what I've created, I'd be grateful. Even then I don't really feel comfortable calling for a vote on something I don't even trust myself. Cheers Stefan > [2] https://ant.apache.org/ivy/ivyde/history/latest-milestone/dev.html - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
Re: Future of Ivy and IvyDE
Hi there, I used to be involved, especially in IvyDE, and as many, my build tools and my IDE changed (for the IDE I am glad, not for the build tools…). So I had no particular interest of doing any maintenance, so much that lost track of the last releases of Ivy, where I could help. Many many thanks for those still around keep things not completely stalled, especially for those who doesn’t know the code base. For IvyDE, we wanted to retire it some years ago. The community raised some interests, so we didn’t proceed. But many years later, the proof is that is not maintained. Me too, I think it should be retired now. For the current IvyDE users, it shouldn’t be a concern that IvyDE is retired as an Apache project. You will still be able to continue to use the plugin. The released artifacts of the updatesite are archived [1] and won’t disappear. We would just announcing officially what in practice happens: it is not maintained anymore. And we tried our best to be opened on how to build and release the plugin and the updatesite, it is documented [2]. On my machine which just have Ant and Java installed, I just tried and I have been able to build of the updatesite with the last release of Ivy without much effort. Doing a proper Apache release of that is another subject, there are signatures, at least verify that it actually works in a real Eclipse, votes, and so on. And adding features and even fixing bugs is a very big step to get involved, it requires a complete Eclipse SDK setup. But at least headless, if it is required, I think anybody motivated enough should be able to re build it locally, the updatesite too. It wouldn’t be as much user friendly as it is today, but you should be able to work with your preferred IDE and dependency manager for as long as Eclipse is having 4.x versions. Due to my particular former involvement in IvyDE (I know it well), and my lack of involvement in the Ant community lately (I don’t read all mailinglists), if you have issues with the build or the code of IvyDE, you can mail on ant-dev@ and CC me directly. That’s for IvyDE. For Ivy, it kind of feels different due to the general usage which continues to exists, as we can see people are searching vulnerabilities in it. I am very sorry to read about missed opportunities to help new contributors, I didn’t saw them, very sorry about that. Then, acknowledging that even fixing vulnerabilities is painful to the community, I think we should accept to declare that we officially stop the maintenance, stop the burden on people involved in the Ant project. I hear the user community that we should still try our best to keep maintaining it, it is still worth it, I understand. So maybe we can declare a last call. The last maintenance window where only vulnerabilities will be fixed. Months ? 6 ? And hope that before that deadline, there are some interested parties that are willing to do proper maintenance over the project, here at Apache or elsewhere. Nicolas [1] https://archive.apache.org/dist/ant/ivyde/updatesite/ [2] https://ant.apache.org/ivy/ivyde/history/latest-milestone/dev.html > Le 22 août 2023 à 18:02, Stefan Bodewig a écrit : > > Hi all > > before I get to the actual content of this mail: > > * I'm cross-posting to three lists but I ask you to keep responses to > dev@ant only (and join the list if necessary) if you want to respond. > > * what I write is my personal opinion and not shared by the PMC as a > whole. The people on the PMC know I'd be writing a mail like this > sooner or later, though. > > * this is a discussion, not a vote. > > phew > > I'm not quite sure what I hope to achieve with this email, but I'd like > to share my thoughts - and raise the awareness of an elephant being in > the room. > > Over the past year we've had three security vulnerabilities discovered > in Ivy and it took us much too long to get them fixed. The reason for > this is there are no people left around who are familiar with the Ivy > code base. Most of the remaining developers around Ant are not even > users of Ivy - I know I am not and have never been. > > When it comes to IvyDE things are probably even worse as nobody of us > uses Eclipse, either. But then again I've not managed to create an > Eclipse update site for the last two Ivy releases so maybe nobody is > using IvyDE anymore anyway. > > At least *I* don't see myself digging deeper into the Ivy code base in > order to fix non-critical bugs. And even for the critical ones I feel we > are not doing an adequate job. To me it looks as if Ivy and in > particilar IvyDE are no longer really supported by the Ant project. > > TBH I'm not quite sure what to do about this. Even if people stepped up > to maintain Ivy, the rest of the Ant devs would probably be unable to > verify the changes they want to make. At least I certainly am not > willing to review bigger PRs/patches to a code base I don't understand > well. > > Personally I believe
Re: Future of Ivy and IvyDE
On 2023-08-28, Cohen, Ross wrote: > Perhaps someone from the Ant team can poke the Eclipse people and tell > them that there are devs/teams that will simply move to another IDE > rather than give up Ant/Ivy/IvyIDE; it might be very much in their > best interest to put a dev part time on Ivy/IvyIDE. My guess is the impact would be bigger if actual users of IvyDE told them. Stefan - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
RE: Future of Ivy and IvyDE
Hi, Our shop uses Ivy/IvyIDE. We decided against maven because it seemed verbose and unfriendly to our projects' customizations. The whizzo integration with Eclipse was a big added bonus -- we'd tried to get Maven working with eclipse to compile our projects but it never really seemed to work properly (this was ~9 years ago). I like Ivy, but I have trouble imagining using it without an IDE. Modern IDEs are simply too powerful to sideline. Not sure which is worse: converting to maven (hopefully eclipse integration is better these days), or going back to directories filled with jars. A third option appears to be IvyIDEA for IntelliJ, which has ~500,000 downloads, and appears to be maintained. Perhaps someone from the Ant team can poke the Eclipse people and tell them that there are devs/teams that will simply move to another IDE rather than give up Ant/Ivy/IvyIDE; it might be very much in their best interest to put a dev part time on Ivy/IvyIDE. Anyways, the prospect of losing Ivy contributes to my general sense of deterioration in the Java dev space: Java's best build/dependency tool goes belly-up. I know at least half a dozen important/useful projects which appear to be on the brink of death. Also been seeing some bizarre tooling decisions from the java people (after 20 years they got rid of the API doc's tree browser -- wtf?!). Hoping for the best ... Ross -Original Message- From: s.an...@infass.com.INVALID Sent: Tuesday, August 22, 2023 12:45 PM To: ivy-u...@ant.apache.org; dev@ant.apache.org Cc: u...@ant.apache.org Subject: RE: Future of Ivy and IvyDE This email originated from outside of the organization. Use caution when replying, opening attachment(s), and/or clicking on URL's. Hi, I can't really discuss how many developers use Ivy and how it is difficult to maintain this project if there is not enough maintainers... But I can give hints about our usage in our companies: * We love "ant", it's for us a clear language syntax that can achieve our build processes like we want (and we have a good expertise about it) * We had need to move on more modern way to handle dependencies * We use ivy for that * We have a tight integration inside our custom CI chain and in our IDE. We didn't use IvyDE For sure, we know that "ant" is an older daddy inside the building tools area Ivy have their caveats but we are able to integrate it nicely inside our build chain. We can have 2 orientations: * Move to another build tool and don't use anymore ant * Move to another dependency tool usable by ant (at this date, I'm not sure, we have real alternative to Ivy) * Continue to use Ant + Ivy as long as we can What I can say : we appreciate the couple of ant + ivy and if possible we would love to continue to use them ! Sébastien. -Message d'origine- De : Stefan Bodewig Envoyé : mardi 22 août 2023 18:02 À : dev@ant.apache.org Cc : u...@ant.apache.org; ivy-u...@ant.apache.org Objet : Future of Ivy and IvyDE Hi all before I get to the actual content of this mail: * I'm cross-posting to three lists but I ask you to keep responses to dev@ant only (and join the list if necessary) if you want to respond. * what I write is my personal opinion and not shared by the PMC as a whole. The people on the PMC know I'd be writing a mail like this sooner or later, though. * this is a discussion, not a vote. phew I'm not quite sure what I hope to achieve with this email, but I'd like to share my thoughts - and raise the awareness of an elephant being in the room. Over the past year we've had three security vulnerabilities discovered in Ivy and it took us much too long to get them fixed. The reason for this is there are no people left around who are familiar with the Ivy code base. Most of the remaining developers around Ant are not even users of Ivy - I know I am not and have never been. When it comes to IvyDE things are probably even worse as nobody of us uses Eclipse, either. But then again I've not managed to create an Eclipse update site for the last two Ivy releases so maybe nobody is using IvyDE anymore anyway. At least *I* don't see myself digging deeper into the Ivy code base in order to fix non-critical bugs. And even for the critical ones I feel we are not doing an adequate job. To me it looks as if Ivy and in particilar IvyDE are no longer really supported by the Ant project. TBH I'm not quite sure what to do about this. Even if people stepped up to maintain Ivy, the rest of the Ant devs would probably be unable to verify the changes they want to make. At least I certainly am not willing to review bigger PRs/patches to a code base I don't understand well. Personally I believe we should send IvyDE to the Apache Attic immediately, and this likely should be the des
Re: Future of Ivy and IvyDE
I was a long-time Ant + Ivy and IvyDE. At work, we finally switched one of our products to Maven. We have at least one other product that still uses Ant + Ivy, I'm not sure what that team operates as an IDE. >From my POV, you can't effectively and sanely develop using Ivy *without* IDE support, in our case, that was Eclipse and IvyDE. Gary On Mon, Aug 28, 2023 at 9:23 AM Stefan Bodewig wrote: > Hi > > sorry for my bad timing sending out an email and then being unbale to > answer for days. This is not what I intended. > > Let me try to answer what I've seen so far. And I'll try to keep my > personal opinion out this time. > > It is pretty obvious Ivy is used today and maybe even loved by > some. This is great for any project. > > As is probably true with all volunteer based open source projects people > come and go as their interests and focus change. > > In the case of Ivy this unfortunately means it is not maintained well > today and this is not going to change with the current set of Ant > developers. All of us work on Ant in our spare time and we've picked > developing Ant for several different reasons - none of these reasons > seem to apply to Ivy for anybody of us. > > It is not my intention to kill Ivy. Not at all. But if maintenance of > Ivy is left with the current set of Ant developers this is what is > likely going to happen, eventually. > > It just seemed to be fair to inform Ivy's users about the current > state. > > Cheers > > Stefan >
Re: Future of Ivy and IvyDE
On 2023-08-22, Jason Guild wrote:
> I can confirm that in the not very distant past there were multiple
> people (including myself) who submitted pull requests for Ivy to both
> make improvements as well as address bugs. They were left to rot for
> far too long.
This is unfortunate. In a way this may have happened because nobody is
left around who'd be able to acually verify your changes. This is not
what it should have been, but it happened. And I'm not sure it wouldn't
happen again.
> It was frustrating to me that even a very simple patch required both a
> debate on its utility and then navigating pedantries on the coding
> approach before then taking nearly two years to get merged and
> incorporated into a release.
Ouch. And sorry for that.
> I feel that people who were trying to get started maintaining Ivy,
> like myself, were simply put off by unresponsive
> committers. Absolutely I understand there is a lacking in capacity of
> people to verify changes but the situation, at least with me, felt
> like simple gatekeeping.
It is good you say this, Jason. Believe me, it is not
gatekeeping. Nobody is around anymore who'd want to stand at the gate at
all.
And I'm not sure how to move forward. "giving the keys to people who
want them" sounds a lot simpler than it may be in the end.
> I would really appreciate an update site for Ivy though as I've
> wondered how I can upgrade my IDE, easily, to use Ivy 2.5.{1,2}.
> It would be great if the existing update site for IvyDE [0] could at
> least be updated for the artifacts we have.
I have built the 2.5.{1,2} releases. I have no idea what an update site
is and how to create one. OK, I do have a vague idea what it is, but
absolutely no idea how to create one.
If you (or anybody else) can coach me through the process of creating an
update site starting with a jar and nothing else, then I'm game. Being
able to verify the thing actually works would be great. Bonus points if
I don't need to install anything I wouldn't use otherwise.
Stefan
-
To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org
For additional commands, e-mail: dev-h...@ant.apache.org
Re: Future of Ivy and IvyDE
Hi sorry for my bad timing sending out an email and then being unbale to answer for days. This is not what I intended. Let me try to answer what I've seen so far. And I'll try to keep my personal opinion out this time. It is pretty obvious Ivy is used today and maybe even loved by some. This is great for any project. As is probably true with all volunteer based open source projects people come and go as their interests and focus change. In the case of Ivy this unfortunately means it is not maintained well today and this is not going to change with the current set of Ant developers. All of us work on Ant in our spare time and we've picked developing Ant for several different reasons - none of these reasons seem to apply to Ivy for anybody of us. It is not my intention to kill Ivy. Not at all. But if maintenance of Ivy is left with the current set of Ant developers this is what is likely going to happen, eventually. It just seemed to be fair to inform Ivy's users about the current state. Cheers Stefan - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
Re: [**EXTERNAL**] RE: Future of Ivy and IvyDE
This is sad news. Alarming? Perhaps. I guess most people using Ivy will be interested in knowing what's the best alternative to Ivy in the above scenario. I think for Ivy to live on you will need backing from organisations that are vested in using it in their critical projects and cannot afford to move to a different dependency management solution that easily i.e., there's a lock-in to it and additionally these orgs are willing to spare their own developers to maintain the Ivy codebase. On Tue, 22 Aug 2023, 23:52 Vladimir Grabarchuk, wrote: > I'd like to second the first two opinions regarding Ant and Ivy. > > I can't say that I'm very familiar with Maven, but from what I know, Ivy is > way superior to it (in my opinion, of course). At the expense of being more > complex, it is terser, customizable and, generally, more capable. > I've used it professionally and personally and am really hopeful it would > not be sacked. I also use IveDE (yes, Eclipse!) and like it quite a lot. > That said, if Ivy continues to live on, it will be pretty simple to use > just it (no IvyDE). > > Sadly, to paraphrase the old adage - fashion over function... > > Regards, > Vladimir > > On Tue, Aug 22, 2023 at 10:29 AM D'Anjou, Martin > > wrote: > > > Hi, > > > > I'd like to say that we're seriously considering migrating our dependency > > management from Gradle to Ivy because of the lack of branch support in > > Gradle's dependency management, and because we can't find a way to modify > > Gradle's dependency management without also changing its core. We can > > create a custom resolver in Ivy that supports our branch scenarios, and > > apparently without touching its core. > > > > So I hope Ivy has a future. > > > > Martin > > > > -Original Message- > > From: s.an...@infass.com.INVALID > > Sent: Tuesday, August 22, 2023 12:45 PM > > To: ivy-u...@ant.apache.org; dev@ant.apache.org > > Cc: u...@ant.apache.org > > Subject: [**EXTERNAL**] RE: Future of Ivy and IvyDE > > > > Hi, > > > > I can't really discuss how many developers use Ivy and how it is > difficult > > to maintain this project if there is not enough maintainers... > > > > But I can give hints about our usage in our companies: > > * We love "ant", it's for us a clear language syntax that can achieve our > > build processes like we want (and we have a good expertise about it) > > * We had need to move on more modern way to handle dependencies > > * We use ivy for that > > * We have a tight integration inside our custom CI chain and in our IDE. > > We didn't use IvyDE > > > > For sure, we know that "ant" is an older daddy inside the building tools > > area > > > > Ivy have their caveats but we are able to integrate it nicely inside our > > build chain. > > We can have 2 orientations: > > * Move to another build tool and don't use anymore ant > > * Move to another dependency tool usable by ant (at this date, I'm not > > sure, we have real alternative to Ivy) > > * Continue to use Ant + Ivy as long as we can > > > > What I can say : we appreciate the couple of ant + ivy and if possible we > > would love to continue to use them ! > > > > Sébastien. > > > > > > > > -Message d'origine- > > De : Stefan Bodewig Envoyé : mardi 22 août 2023 > > 18:02 À : dev@ant.apache.org Cc : u...@ant.apache.org; > > ivy-u...@ant.apache.org Objet : Future of Ivy and IvyDE > > > > Hi all > > > > before I get to the actual content of this mail: > > > > * I'm cross-posting to three lists but I ask you to keep responses to > > dev@ant only (and join the list if necessary) if you want to respond. > > > > * what I write is my personal opinion and not shared by the PMC as a > > whole. The people on the PMC know I'd be writing a mail like this > > sooner or later, though. > > > > * this is a discussion, not a vote. > > > > phew > > > > I'm not quite sure what I hope to achieve with this email, but I'd like > to > > share my thoughts - and raise the awareness of an elephant being in the > > room. > > > > Over the past year we've had three security vulnerabilities discovered in > > Ivy and it took us much too long to get them fixed. The reason for this > is > > there are no people left around who are familiar with the Ivy code base. > > Most of the remaining developers around Ant are not even users of Ivy - I
Re: Future of Ivy and IvyDE
Please read the following in full, as I am starting my argument not at Ivy itself, but it is still the focus of this response. I think the core shortcoming of Ant is its inability to bootstrap easily in a portable manner. You cannot simply use a build file and say 'go build' as you have to install Ant tasks to make that happen. I feel that ivy fixes this and does it in a fairly flexible way. If anything, I would start bundling ivy into ant and install it as default, including a prelude for fetching tasks from Maven central. For very low cost this achieves three things: 1. Makes ant builds more portable. 2. Gives Ivy more publicity and application. 3. Moves two strongly related projects closer together. As for IvyDE I would shelve it for the moment. Along the proposal above I can see a future for it as backing for a more capable Ant environment. JG On Wed, 23 Aug 2023 at 11:20, Jaikiran Pai wrote: > I agree with what Stefan notes in his mail. Some years back when I > started contributing to Ivy, I realized that the documentation (formal > or informal) related to the internal implementation details of Ivy is > non-existent. Sometimes I had to select a file, go over its commit > history then go read all JIRAs that were part of those commit logs and > even then, a lot of the information was either missing or outdated. At > that time, I used to use Ivy in some of our projects, so I could keep > refreshing with the code base and relate to it, so that whenever I had > to fix a bug or add something, I had the previous collected knowledge of > the Ivy code already fresh (to some extent) in my mind. It's now been > some years since I have used Ivy and I no longer have the Ivy codebase > knowledge in my mind. Like Stefan noted, these recent vulnerability > fixes took the Ant team a lot of time and energy to fix because of these > issues. Personally, I don't expect myself to have the ability to > continue contributing to Ivy. > > As for IvyDE, on the development front, it has seen no movement. I am > not even sure if it builds with the current Eclipse versions. I hadn't > contributed to it, but I remember that when releasing Ivy 2.5.0, it was > struggle to update the IvyDE update site. > > -Jaikiran > > On 22/08/23 9:32 pm, Stefan Bodewig wrote: > > Hi all > > > > before I get to the actual content of this mail: > > > > * I'm cross-posting to three lists but I ask you to keep responses to > >dev@ant only (and join the list if necessary) if you want to respond. > > > > * what I write is my personal opinion and not shared by the PMC as a > >whole. The people on the PMC know I'd be writing a mail like this > >sooner or later, though. > > > > * this is a discussion, not a vote. > > > > phew > > > > I'm not quite sure what I hope to achieve with this email, but I'd like > > to share my thoughts - and raise the awareness of an elephant being in > > the room. > > > > Over the past year we've had three security vulnerabilities discovered > > in Ivy and it took us much too long to get them fixed. The reason for > > this is there are no people left around who are familiar with the Ivy > > code base. Most of the remaining developers around Ant are not even > > users of Ivy - I know I am not and have never been. > > > > When it comes to IvyDE things are probably even worse as nobody of us > > uses Eclipse, either. But then again I've not managed to create an > > Eclipse update site for the last two Ivy releases so maybe nobody is > > using IvyDE anymore anyway. > > > > At least *I* don't see myself digging deeper into the Ivy code base in > > order to fix non-critical bugs. And even for the critical ones I feel we > > are not doing an adequate job. To me it looks as if Ivy and in > > particilar IvyDE are no longer really supported by the Ant project. > > > > TBH I'm not quite sure what to do about this. Even if people stepped up > > to maintain Ivy, the rest of the Ant devs would probably be unable to > > verify the changes they want to make. At least I certainly am not > > willing to review bigger PRs/patches to a code base I don't understand > > well. > > > > Personally I believe we should send IvyDE to the Apache Attic > > immediately, and this likely should be the destination for Ivy sooner or > > later as well. In the case of Ivy we know there are people who depend on > > it (hi, Groovy folks) so maybe we should give a date in the future until > > which we are providing security bug fixes to give people time to move > > off. > > > > There may be the need for a dependency management system inside of Ant, > > I'm not sure. If so, then this should be driven by people who feel the > > actual need IMO. There may already be alternatives to Ivy I am not aware > > of. > > > > Stefan > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org > > For additional commands, e-mail: dev-h...@ant.apache.org > > > >
Re: Future of Ivy and IvyDE
I agree with what Stefan notes in his mail. Some years back when I started contributing to Ivy, I realized that the documentation (formal or informal) related to the internal implementation details of Ivy is non-existent. Sometimes I had to select a file, go over its commit history then go read all JIRAs that were part of those commit logs and even then, a lot of the information was either missing or outdated. At that time, I used to use Ivy in some of our projects, so I could keep refreshing with the code base and relate to it, so that whenever I had to fix a bug or add something, I had the previous collected knowledge of the Ivy code already fresh (to some extent) in my mind. It's now been some years since I have used Ivy and I no longer have the Ivy codebase knowledge in my mind. Like Stefan noted, these recent vulnerability fixes took the Ant team a lot of time and energy to fix because of these issues. Personally, I don't expect myself to have the ability to continue contributing to Ivy. As for IvyDE, on the development front, it has seen no movement. I am not even sure if it builds with the current Eclipse versions. I hadn't contributed to it, but I remember that when releasing Ivy 2.5.0, it was struggle to update the IvyDE update site. -Jaikiran On 22/08/23 9:32 pm, Stefan Bodewig wrote: Hi all before I get to the actual content of this mail: * I'm cross-posting to three lists but I ask you to keep responses to dev@ant only (and join the list if necessary) if you want to respond. * what I write is my personal opinion and not shared by the PMC as a whole. The people on the PMC know I'd be writing a mail like this sooner or later, though. * this is a discussion, not a vote. phew I'm not quite sure what I hope to achieve with this email, but I'd like to share my thoughts - and raise the awareness of an elephant being in the room. Over the past year we've had three security vulnerabilities discovered in Ivy and it took us much too long to get them fixed. The reason for this is there are no people left around who are familiar with the Ivy code base. Most of the remaining developers around Ant are not even users of Ivy - I know I am not and have never been. When it comes to IvyDE things are probably even worse as nobody of us uses Eclipse, either. But then again I've not managed to create an Eclipse update site for the last two Ivy releases so maybe nobody is using IvyDE anymore anyway. At least *I* don't see myself digging deeper into the Ivy code base in order to fix non-critical bugs. And even for the critical ones I feel we are not doing an adequate job. To me it looks as if Ivy and in particilar IvyDE are no longer really supported by the Ant project. TBH I'm not quite sure what to do about this. Even if people stepped up to maintain Ivy, the rest of the Ant devs would probably be unable to verify the changes they want to make. At least I certainly am not willing to review bigger PRs/patches to a code base I don't understand well. Personally I believe we should send IvyDE to the Apache Attic immediately, and this likely should be the destination for Ivy sooner or later as well. In the case of Ivy we know there are people who depend on it (hi, Groovy folks) so maybe we should give a date in the future until which we are providing security bug fixes to give people time to move off. There may be the need for a dependency management system inside of Ant, I'm not sure. If so, then this should be driven by people who feel the actual need IMO. There may already be alternatives to Ivy I am not aware of. Stefan - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
Re: [**EXTERNAL**] RE: Future of Ivy and IvyDE
I'd like to second the first two opinions regarding Ant and Ivy. I can't say that I'm very familiar with Maven, but from what I know, Ivy is way superior to it (in my opinion, of course). At the expense of being more complex, it is terser, customizable and, generally, more capable. I've used it professionally and personally and am really hopeful it would not be sacked. I also use IveDE (yes, Eclipse!) and like it quite a lot. That said, if Ivy continues to live on, it will be pretty simple to use just it (no IvyDE). Sadly, to paraphrase the old adage - fashion over function... Regards, Vladimir On Tue, Aug 22, 2023 at 10:29 AM D'Anjou, Martin wrote: > Hi, > > I'd like to say that we're seriously considering migrating our dependency > management from Gradle to Ivy because of the lack of branch support in > Gradle's dependency management, and because we can't find a way to modify > Gradle's dependency management without also changing its core. We can > create a custom resolver in Ivy that supports our branch scenarios, and > apparently without touching its core. > > So I hope Ivy has a future. > > Martin > > -Original Message- > From: s.an...@infass.com.INVALID > Sent: Tuesday, August 22, 2023 12:45 PM > To: ivy-u...@ant.apache.org; dev@ant.apache.org > Cc: u...@ant.apache.org > Subject: [**EXTERNAL**] RE: Future of Ivy and IvyDE > > Hi, > > I can't really discuss how many developers use Ivy and how it is difficult > to maintain this project if there is not enough maintainers... > > But I can give hints about our usage in our companies: > * We love "ant", it's for us a clear language syntax that can achieve our > build processes like we want (and we have a good expertise about it) > * We had need to move on more modern way to handle dependencies > * We use ivy for that > * We have a tight integration inside our custom CI chain and in our IDE. > We didn't use IvyDE > > For sure, we know that "ant" is an older daddy inside the building tools > area > > Ivy have their caveats but we are able to integrate it nicely inside our > build chain. > We can have 2 orientations: > * Move to another build tool and don't use anymore ant > * Move to another dependency tool usable by ant (at this date, I'm not > sure, we have real alternative to Ivy) > * Continue to use Ant + Ivy as long as we can > > What I can say : we appreciate the couple of ant + ivy and if possible we > would love to continue to use them ! > > Sébastien. > > > > -Message d'origine- > De : Stefan Bodewig Envoyé : mardi 22 août 2023 > 18:02 À : dev@ant.apache.org Cc : u...@ant.apache.org; > ivy-u...@ant.apache.org Objet : Future of Ivy and IvyDE > > Hi all > > before I get to the actual content of this mail: > > * I'm cross-posting to three lists but I ask you to keep responses to > dev@ant only (and join the list if necessary) if you want to respond. > > * what I write is my personal opinion and not shared by the PMC as a > whole. The people on the PMC know I'd be writing a mail like this > sooner or later, though. > > * this is a discussion, not a vote. > > phew > > I'm not quite sure what I hope to achieve with this email, but I'd like to > share my thoughts - and raise the awareness of an elephant being in the > room. > > Over the past year we've had three security vulnerabilities discovered in > Ivy and it took us much too long to get them fixed. The reason for this is > there are no people left around who are familiar with the Ivy code base. > Most of the remaining developers around Ant are not even users of Ivy - I > know I am not and have never been. > > When it comes to IvyDE things are probably even worse as nobody of us uses > Eclipse, either. But then again I've not managed to create an Eclipse > update site for the last two Ivy releases so maybe nobody is using IvyDE > anymore anyway. > > At least *I* don't see myself digging deeper into the Ivy code base in > order to fix non-critical bugs. And even for the critical ones I feel we > are not doing an adequate job. To me it looks as if Ivy and in particilar > IvyDE are no longer really supported by the Ant project. > > TBH I'm not quite sure what to do about this. Even if people stepped up to > maintain Ivy, the rest of the Ant devs would probably be unable to verify > the changes they want to make. At least I certainly am not willing to > review bigger PRs/patches to a code base I don't understand well. > > Personally I believe we should send IvyDE to the Apache Attic immediately, > and this likely should be the destin
Re: Future of Ivy and IvyDE
Hi all:
IMO, it would be a shame to lose Ivy as a much simpler alternative to Maven.
It works well and I think there is very much still room for a dependency
management tool that focuses on just that and not all the other things
that Maven does. I am thankful for your work on it, Stefan.
I can confirm that in the not very distant past there were multiple
people (including myself) who submitted pull requests for Ivy to both
make improvements as well as address bugs. They were left to rot for far
too long. It was frustrating to me that even a very simple patch
required both a debate on its utility and then navigating pedantries on
the coding approach before then taking nearly two years to get merged
and incorporated into a release. I feel that people who were trying to
get started maintaining Ivy, like myself, were simply put off by
unresponsive committers. Absolutely I understand there is a lacking in
capacity of people to verify changes but the situation, at least with
me, felt like simple gatekeeping.
For users of Eclipse IDE, IvyDE is wonderful and works as advertised.
I've been using it successfully since 2010 or so and pretty much
considered it "finished". But given the lack of development on it over
the years though, I am actually surprised it's still functional in
current IDE releases and I've wondered when it will finally break. I
have looked at the IvyDE code in the past, it's not that much really,
and at one point I tried (rather half-heartedly) to get an IDE
development environment prepared and then just gave up...mostly because
developing for Eclipse was too much of a big moving target for me, and
also the code abstractions in place for such a modular and flexible IDE
were tough for me to follow concretely.
I would really appreciate an update site for Ivy though as I've wondered
how I can upgrade my IDE, easily, to use Ivy 2.5.{1,2}.
It would be great if the existing update site for IvyDE [0] could at
least be updated for the artifacts we have. There would very probably be
no issues with IvyDE 2.2.0 working just fine using the latest Ivy
release version.
I agree that it seems Ivy and IvyDE are not being supported adequately
by the Ant project.
And I wish that weren't the case because they are excellent tools.
Not sure what I hope to achieve either with my message above, but I felt
compelled to respond as a user who has appreciated Ivy and IvyDE for a
long time. Maybe I'm the only one left!
Jason
[0] |https://downloads.apache.org/ant/ivyde/updatesite/
RE: [**EXTERNAL**] RE: Future of Ivy and IvyDE
Hi, I'd like to say that we're seriously considering migrating our dependency management from Gradle to Ivy because of the lack of branch support in Gradle's dependency management, and because we can't find a way to modify Gradle's dependency management without also changing its core. We can create a custom resolver in Ivy that supports our branch scenarios, and apparently without touching its core. So I hope Ivy has a future. Martin -Original Message- From: s.an...@infass.com.INVALID Sent: Tuesday, August 22, 2023 12:45 PM To: ivy-u...@ant.apache.org; dev@ant.apache.org Cc: u...@ant.apache.org Subject: [**EXTERNAL**] RE: Future of Ivy and IvyDE Hi, I can't really discuss how many developers use Ivy and how it is difficult to maintain this project if there is not enough maintainers... But I can give hints about our usage in our companies: * We love "ant", it's for us a clear language syntax that can achieve our build processes like we want (and we have a good expertise about it) * We had need to move on more modern way to handle dependencies * We use ivy for that * We have a tight integration inside our custom CI chain and in our IDE. We didn't use IvyDE For sure, we know that "ant" is an older daddy inside the building tools area Ivy have their caveats but we are able to integrate it nicely inside our build chain. We can have 2 orientations: * Move to another build tool and don't use anymore ant * Move to another dependency tool usable by ant (at this date, I'm not sure, we have real alternative to Ivy) * Continue to use Ant + Ivy as long as we can What I can say : we appreciate the couple of ant + ivy and if possible we would love to continue to use them ! Sébastien. -Message d'origine- De : Stefan Bodewig Envoyé : mardi 22 août 2023 18:02 À : dev@ant.apache.org Cc : u...@ant.apache.org; ivy-u...@ant.apache.org Objet : Future of Ivy and IvyDE Hi all before I get to the actual content of this mail: * I'm cross-posting to three lists but I ask you to keep responses to dev@ant only (and join the list if necessary) if you want to respond. * what I write is my personal opinion and not shared by the PMC as a whole. The people on the PMC know I'd be writing a mail like this sooner or later, though. * this is a discussion, not a vote. phew I'm not quite sure what I hope to achieve with this email, but I'd like to share my thoughts - and raise the awareness of an elephant being in the room. Over the past year we've had three security vulnerabilities discovered in Ivy and it took us much too long to get them fixed. The reason for this is there are no people left around who are familiar with the Ivy code base. Most of the remaining developers around Ant are not even users of Ivy - I know I am not and have never been. When it comes to IvyDE things are probably even worse as nobody of us uses Eclipse, either. But then again I've not managed to create an Eclipse update site for the last two Ivy releases so maybe nobody is using IvyDE anymore anyway. At least *I* don't see myself digging deeper into the Ivy code base in order to fix non-critical bugs. And even for the critical ones I feel we are not doing an adequate job. To me it looks as if Ivy and in particilar IvyDE are no longer really supported by the Ant project. TBH I'm not quite sure what to do about this. Even if people stepped up to maintain Ivy, the rest of the Ant devs would probably be unable to verify the changes they want to make. At least I certainly am not willing to review bigger PRs/patches to a code base I don't understand well. Personally I believe we should send IvyDE to the Apache Attic immediately, and this likely should be the destination for Ivy sooner or later as well. In the case of Ivy we know there are people who depend on it (hi, Groovy folks) so maybe we should give a date in the future until which we are providing security bug fixes to give people time to move off. There may be the need for a dependency management system inside of Ant, I'm not sure. If so, then this should be driven by people who feel the actual need IMO. There may already be alternatives to Ivy I am not aware of. Stefan - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
RE: Future of Ivy and IvyDE
Hi, I can't really discuss how many developers use Ivy and how it is difficult to maintain this project if there is not enough maintainers... But I can give hints about our usage in our companies: * We love "ant", it's for us a clear language syntax that can achieve our build processes like we want (and we have a good expertise about it) * We had need to move on more modern way to handle dependencies * We use ivy for that * We have a tight integration inside our custom CI chain and in our IDE. We didn't use IvyDE For sure, we know that "ant" is an older daddy inside the building tools area Ivy have their caveats but we are able to integrate it nicely inside our build chain. We can have 2 orientations: * Move to another build tool and dont use anymore ant * Move to another dependency tool usable by ant (at this date, I'm not sure, we have real alternative to Ivy) * Continue to use Ant + Ivy as long as we can What I can say : we appreciate the couple of ant + ivy and if possible we would love to continue to use them ! Sébastien. -Message d'origine- De : Stefan Bodewig Envoyé : mardi 22 août 2023 18:02 À : dev@ant.apache.org Cc : u...@ant.apache.org; ivy-u...@ant.apache.org Objet : Future of Ivy and IvyDE Hi all before I get to the actual content of this mail: * I'm cross-posting to three lists but I ask you to keep responses to dev@ant only (and join the list if necessary) if you want to respond. * what I write is my personal opinion and not shared by the PMC as a whole. The people on the PMC know I'd be writing a mail like this sooner or later, though. * this is a discussion, not a vote. phew I'm not quite sure what I hope to achieve with this email, but I'd like to share my thoughts - and raise the awareness of an elephant being in the room. Over the past year we've had three security vulnerabilities discovered in Ivy and it took us much too long to get them fixed. The reason for this is there are no people left around who are familiar with the Ivy code base. Most of the remaining developers around Ant are not even users of Ivy - I know I am not and have never been. When it comes to IvyDE things are probably even worse as nobody of us uses Eclipse, either. But then again I've not managed to create an Eclipse update site for the last two Ivy releases so maybe nobody is using IvyDE anymore anyway. At least *I* don't see myself digging deeper into the Ivy code base in order to fix non-critical bugs. And even for the critical ones I feel we are not doing an adequate job. To me it looks as if Ivy and in particilar IvyDE are no longer really supported by the Ant project. TBH I'm not quite sure what to do about this. Even if people stepped up to maintain Ivy, the rest of the Ant devs would probably be unable to verify the changes they want to make. At least I certainly am not willing to review bigger PRs/patches to a code base I don't understand well. Personally I believe we should send IvyDE to the Apache Attic immediately, and this likely should be the destination for Ivy sooner or later as well. In the case of Ivy we know there are people who depend on it (hi, Groovy folks) so maybe we should give a date in the future until which we are providing security bug fixes to give people time to move off. There may be the need for a dependency management system inside of Ant, I'm not sure. If so, then this should be driven by people who feel the actual need IMO. There may already be alternatives to Ivy I am not aware of. Stefan - To unsubscribe, e-mail: dev-unsubscr...@ant.apache.org For additional commands, e-mail: dev-h...@ant.apache.org
