You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Abe Ratnofsky (Jira)" <ji...@apache.org> on 2022/07/13 00:14:00 UTC

[jira] [Commented] (CASSANDRA-17750) Remove dependency on Maven Ant Tasks

    [ https://issues.apache.org/jira/browse/CASSANDRA-17750?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17566075#comment-17566075 ] 

Abe Ratnofsky commented on CASSANDRA-17750:
-------------------------------------------

Here's a branch with fixes targeting cassandra-4.1: [https://github.com/apache/cassandra/compare/cassandra-4.1...aratno:cassandra:CASSANDRA-17750-remote-maven-ant-tasks]

 

[~dcapwell] and [~mck] would you be able to take a look?

 

I've tested that builds still succeed, and this commit reflects what I've changed in the POMs from what is generated by ant _write-poms: [https://github.com/aratno/cassandra/commit/f80da9bc67a468c2b89d4c9d02464a34715642f8]

> Remove dependency on Maven Ant Tasks
> ------------------------------------
>
>                 Key: CASSANDRA-17750
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17750
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Build, Dependencies, Packaging
>            Reporter: Abe Ratnofsky
>            Assignee: Abe Ratnofsky
>            Priority: Normal
>              Labels: patch-pending
>             Fix For: 4.x
>
>
> Apache Cassandra depends on Maven Ant Tasks (MAT) during build, for declaring dependencies and generating POM files from within build.xml. MAT has long been retired (no commits since maintenance in 2015), has registered CVEs in dependencies (CVE-2017-1000487), and encourages migration to its successor, Maven Artifact Resolver Ant Tasks (MARAT).
> As part of CASSANDRA-16391 <https://issues.apache.org/jira/browse/CASSANDRA-16391>, mck migrated dependency resolution to MARAT, but MAT is still included in our build for generating POMs since MARAT does not have an alternative to the writepom task provided by MAT. I have a patch ready that removes MAT completely, with a workaround for POM generation.
> I am not advocating for any kind of migration away from Ant to an alternative like Gradle or Maven, just to be extra clear.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org