io.quarkus:quarkus-bom's entries should exclude banned artifacts #30813
Comments
|
cc @aloubyansky |
|
I think we need to be extremely cautious about that as it could become a nightmare for users. I agree it's better if they can exclude things but I'm worried it could be a major pain for some projects. |
|
What we should take into account is that our BOMs are not enforced exclusively on our extensions but also on other libraries in application projects. We should probably categories excluded dependencies: those that are required to be excluded to guarantee the proper classpath for our extensions and those that won't hurt our extensions if still present. While a Quarkus extension may exclude a certain dependency because it's not relevant it may break other libraries in the app dependency tree. I'd be careful moving all the exclusions to the BOMs w/o further analysis. |
|
Oh sorry, I misunderstood what you said. |
Well, I'd see our BOMs as being there primarily for managing our extensions and their transitives for the sake of reliability and reproducibility. If end users want do do something beyond our scope, they are free to do it on their own (by managing or re-adding dependecies we exclude). I agree that there may exist artifacts that are banned in Quarkus source tree (for good reasons) but do not necessarily be banned from end user apps. Javassist comes to my mind as an example. I believe these are rather rare. The vast majority of banned artifacts should be excluded from the BOM. It would be nice to have two separate rule files for the two categories. |
|
#31414 is a tiny manual step towards the goal to automatically exclude all (or selected) banned dependencies. |
Description
This is a generalization of #26468 and #26468 where @rsvoboda is asking for moving some specific exclusions from extension modules to quarkus-bom.
Implementation ideas
It would be nice if the tool used for BOM flattening could take the banned dependencies defined in independent-projects/enforcer-rules/.../quarkus-banned-dependencies.xml into account and add the exclusions as needed to the BOM.
The text was updated successfully, but these errors were encountered: