You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@rya.apache.org by "Aaron D. Mihalik" <aa...@gmail.com> on 2016/10/14 17:41:15 UTC
findbugs-annotations?
Anyone know where I can find a repo for this artifact:
com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
stephenc lists the Repositories here [1] but I can't find the latest
release in those mentioned repos (i.e. here [2] or here [3])
I don't think we'll have this resolved for RC2, but I'm hoping that's okay
because other projects depend on findbugs:jsr305 (i.e. hadoop and fluo).
--Aaron
[1]
http://stephenc.github.io/findbugs-annotations/distribution-management.html
[2]
https://oss.sonatype.org/content/repositories/releases/com/github/stephenc/findbugs/findbugs-annotations/
[3]
https://repo.maven.apache.org/maven2/com/github/stephenc/findbugs/findbugs-annotations/
Re: findbugs-annotations?
Posted by Josh Elser <jo...@gmail.com>.
My understanding is that you would still use javax.annotation.Nullable
(or any defined in JSR-305) in the code and then the implementation you
provide on the classpath would satisfy the implementation. Have you
tried out removing the findbugs version for the stephenc version at
runtime to see if things explode?
re: Phoenix, looks like I need to bash more heads. I had a multi-day
event recently fixing their licensing, but it appears that you found
something I had missed. Thanks for pointing it out. I think maybe the
findbugs dependency was just not removed...
https://github.com/apache/phoenix/blob/master/phoenix-core/pom.xml#L277-L280
Aaron D. Mihalik wrote:
> Josh,
>
> I put up a PR to move Rya to findbugs-annotations [1]. Besides removing
> some annotations, the biggest change was to go from "import
> javax.annotation.Nullable" to "import
> edu.umd.cs.findbugs.annotations.Nullable". Does that look correct?
>
> I went over to Apache Phoenix to see how they deal with the package names
> for the findbugs-annotations, and it appears that Phoenix still uses
> "javax.annotation.Nullable" and has a direct dependency on findbugs:jsr305
> [2].
>
> --Aaron
>
> [1] https://github.com/apache/incubator-rya/pull/115
> [2] https://github.com/apache/phoenix/blob/master/pom.xml#L864
>
>
> On Mon, Oct 17, 2016 at 2:58 PM Aaron D. Mihalik<aa...@gmail.com>
> wrote:
>
>> I meant "fluo has a transitive dependency on findbugs:jsr305". I agree
>> that findbugs-annotations is good and jsr305 is bad.
>>
>> On Mon, Oct 17, 2016 at 2:51 PM Puja Valiyil<pu...@gmail.com> wrote:
>>
>> Yea findbugs-annotations is not LGPL:
>> https://github.com/stephenc/findbugs-annotations
>> It appears to be apache 2, though aaron you should verify.
>>
>> On Mon, Oct 17, 2016 at 11:19 AM, Aaron D. Mihalik<
>> aaron.mihalik@gmail.com>
>> wrote:
>>
>>> fluo has a transitive dependency on findbugs-annotations, not direct.
>>>
>>> My issue is that
>> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
>>> isn't in maven central. I think it would be straightforward for us to
>>> exclude and replace with c.g.s.f:findbugs-annotations:3.0.1-1, but it's
>>> going to be difficult with earlier versions of
>>> c.g.s.f:findbugs-annotations.
>>>
>>> I'll take a closer look at it today, though.
>>>
>>> --Aaron
>>>
>>>
>>> On Sun, Oct 16, 2016 at 5:51 PM Josh Elser<jo...@gmail.com> wrote:
>>>
>>>> Also, over in Apache Phoenix, we're using
>>>> com.github.stephenc.findbugs:findbugs-annotations:1.3.9-1. Maybe I gave
>>>> some bad advice on the GAV to use the first time around :)
>>>>
>>>> Josh Elser wrote:
>>>>> A (Maven) repo? It's published central -- you shouldn't have to do
>>>>> anything extra to get it. Sonatype is automatically mirrored to
>> central
>>>>> (like Apache is).
>>>>>
>>>>> Also, Fluo is depending on this directly? Or just transitively? I am
>>>>> hoping I did not miss it directly depending...
>>>>>
>>>>> No, it's not ok :). You're bundling code whose license is dodgy.
>> Either
>>>>> way you need to exclude the Findbugs' findbugs-annotations from these
>>>>> dependencies. Whether or not you replace in
>>> c.g.s.f:findbugs-annotations
>>>>> instead is up to you (not sure if you would run into problems)
>>>>>
>>>>> Aaron D. Mihalik wrote:
>>>>>> Anyone know where I can find a repo for this artifact:
>>>>>>
>>>>>> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
>>>>>>
>>>>>> stephenc lists the Repositories here [1] but I can't find the latest
>>>>>> release in those mentioned repos (i.e. here [2] or here [3])
>>>>>>
>>>>>> I don't think we'll have this resolved for RC2, but I'm hoping
>> that's
>>>>>> okay
>>>>>> because other projects depend on findbugs:jsr305 (i.e. hadoop and
>>> fluo).
>>>>>> --Aaron
>>>>>>
>>>>>>
>>>>>> [1]
>>>>>>
>>>> http://stephenc.github.io/findbugs-annotations/
>>> distribution-management.html
>>>>>> [2]
>>>>>>
>>>> https://oss.sonatype.org/content/repositories/releases/
>>> com/github/stephenc/findbugs/findbugs-annotations/
>>>>>> [3]
>>>>>>
>>>> https://repo.maven.apache.org/maven2/com/github/stephenc/
>>> findbugs/findbugs-annotations/
>>>>>>
>>
>
Re: findbugs-annotations?
Posted by "Aaron D. Mihalik" <aa...@gmail.com>.
Josh,
I put up a PR to move Rya to findbugs-annotations [1]. Besides removing
some annotations, the biggest change was to go from "import
javax.annotation.Nullable" to "import
edu.umd.cs.findbugs.annotations.Nullable". Does that look correct?
I went over to Apache Phoenix to see how they deal with the package names
for the findbugs-annotations, and it appears that Phoenix still uses
"javax.annotation.Nullable" and has a direct dependency on findbugs:jsr305
[2].
--Aaron
[1] https://github.com/apache/incubator-rya/pull/115
[2] https://github.com/apache/phoenix/blob/master/pom.xml#L864
On Mon, Oct 17, 2016 at 2:58 PM Aaron D. Mihalik <aa...@gmail.com>
wrote:
> I meant "fluo has a transitive dependency on findbugs:jsr305". I agree
> that findbugs-annotations is good and jsr305 is bad.
>
> On Mon, Oct 17, 2016 at 2:51 PM Puja Valiyil <pu...@gmail.com> wrote:
>
> Yea findbugs-annotations is not LGPL:
> https://github.com/stephenc/findbugs-annotations
> It appears to be apache 2, though aaron you should verify.
>
> On Mon, Oct 17, 2016 at 11:19 AM, Aaron D. Mihalik <
> aaron.mihalik@gmail.com>
> wrote:
>
> > fluo has a transitive dependency on findbugs-annotations, not direct.
> >
> > My issue is that
> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
> > isn't in maven central. I think it would be straightforward for us to
> > exclude and replace with c.g.s.f:findbugs-annotations:3.0.1-1, but it's
> > going to be difficult with earlier versions of
> > c.g.s.f:findbugs-annotations.
> >
> > I'll take a closer look at it today, though.
> >
> > --Aaron
> >
> >
> > On Sun, Oct 16, 2016 at 5:51 PM Josh Elser <jo...@gmail.com> wrote:
> >
> > > Also, over in Apache Phoenix, we're using
> > > com.github.stephenc.findbugs:findbugs-annotations:1.3.9-1. Maybe I gave
> > > some bad advice on the GAV to use the first time around :)
> > >
> > > Josh Elser wrote:
> > > > A (Maven) repo? It's published central -- you shouldn't have to do
> > > > anything extra to get it. Sonatype is automatically mirrored to
> central
> > > > (like Apache is).
> > > >
> > > > Also, Fluo is depending on this directly? Or just transitively? I am
> > > > hoping I did not miss it directly depending...
> > > >
> > > > No, it's not ok :). You're bundling code whose license is dodgy.
> Either
> > > > way you need to exclude the Findbugs' findbugs-annotations from these
> > > > dependencies. Whether or not you replace in
> > c.g.s.f:findbugs-annotations
> > > > instead is up to you (not sure if you would run into problems)
> > > >
> > > > Aaron D. Mihalik wrote:
> > > >> Anyone know where I can find a repo for this artifact:
> > > >>
> > > >> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
> > > >>
> > > >> stephenc lists the Repositories here [1] but I can't find the latest
> > > >> release in those mentioned repos (i.e. here [2] or here [3])
> > > >>
> > > >> I don't think we'll have this resolved for RC2, but I'm hoping
> that's
> > > >> okay
> > > >> because other projects depend on findbugs:jsr305 (i.e. hadoop and
> > fluo).
> > > >>
> > > >> --Aaron
> > > >>
> > > >>
> > > >> [1]
> > > >>
> > > http://stephenc.github.io/findbugs-annotations/
> > distribution-management.html
> > > >>
> > > >> [2]
> > > >>
> > > https://oss.sonatype.org/content/repositories/releases/
> > com/github/stephenc/findbugs/findbugs-annotations/
> > > >>
> > > >> [3]
> > > >>
> > > https://repo.maven.apache.org/maven2/com/github/stephenc/
> > findbugs/findbugs-annotations/
> > > >>
> > > >>
> > >
> >
>
>
Re: findbugs-annotations?
Posted by "Aaron D. Mihalik" <aa...@gmail.com>.
I meant "fluo has a transitive dependency on findbugs:jsr305". I agree
that findbugs-annotations
is good and jsr305 is bad.
On Mon, Oct 17, 2016 at 2:51 PM Puja Valiyil <pu...@gmail.com> wrote:
> Yea findbugs-annotations is not LGPL:
> https://github.com/stephenc/findbugs-annotations
> It appears to be apache 2, though aaron you should verify.
>
> On Mon, Oct 17, 2016 at 11:19 AM, Aaron D. Mihalik <
> aaron.mihalik@gmail.com>
> wrote:
>
> > fluo has a transitive dependency on findbugs-annotations, not direct.
> >
> > My issue is that
> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
> > isn't in maven central. I think it would be straightforward for us to
> > exclude and replace with c.g.s.f:findbugs-annotations:3.0.1-1, but it's
> > going to be difficult with earlier versions of
> > c.g.s.f:findbugs-annotations.
> >
> > I'll take a closer look at it today, though.
> >
> > --Aaron
> >
> >
> > On Sun, Oct 16, 2016 at 5:51 PM Josh Elser <jo...@gmail.com> wrote:
> >
> > > Also, over in Apache Phoenix, we're using
> > > com.github.stephenc.findbugs:findbugs-annotations:1.3.9-1. Maybe I gave
> > > some bad advice on the GAV to use the first time around :)
> > >
> > > Josh Elser wrote:
> > > > A (Maven) repo? It's published central -- you shouldn't have to do
> > > > anything extra to get it. Sonatype is automatically mirrored to
> central
> > > > (like Apache is).
> > > >
> > > > Also, Fluo is depending on this directly? Or just transitively? I am
> > > > hoping I did not miss it directly depending...
> > > >
> > > > No, it's not ok :). You're bundling code whose license is dodgy.
> Either
> > > > way you need to exclude the Findbugs' findbugs-annotations from these
> > > > dependencies. Whether or not you replace in
> > c.g.s.f:findbugs-annotations
> > > > instead is up to you (not sure if you would run into problems)
> > > >
> > > > Aaron D. Mihalik wrote:
> > > >> Anyone know where I can find a repo for this artifact:
> > > >>
> > > >> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
> > > >>
> > > >> stephenc lists the Repositories here [1] but I can't find the latest
> > > >> release in those mentioned repos (i.e. here [2] or here [3])
> > > >>
> > > >> I don't think we'll have this resolved for RC2, but I'm hoping
> that's
> > > >> okay
> > > >> because other projects depend on findbugs:jsr305 (i.e. hadoop and
> > fluo).
> > > >>
> > > >> --Aaron
> > > >>
> > > >>
> > > >> [1]
> > > >>
> > > http://stephenc.github.io/findbugs-annotations/
> > distribution-management.html
> > > >>
> > > >> [2]
> > > >>
> > > https://oss.sonatype.org/content/repositories/releases/
> > com/github/stephenc/findbugs/findbugs-annotations/
> > > >>
> > > >> [3]
> > > >>
> > > https://repo.maven.apache.org/maven2/com/github/stephenc/
> > findbugs/findbugs-annotations/
> > > >>
> > > >>
> > >
> >
>
Re: findbugs-annotations?
Posted by Puja Valiyil <pu...@gmail.com>.
Yea findbugs-annotations is not LGPL:
https://github.com/stephenc/findbugs-annotations
It appears to be apache 2, though aaron you should verify.
On Mon, Oct 17, 2016 at 11:19 AM, Aaron D. Mihalik <aa...@gmail.com>
wrote:
> fluo has a transitive dependency on findbugs-annotations, not direct.
>
> My issue is that com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
> isn't in maven central. I think it would be straightforward for us to
> exclude and replace with c.g.s.f:findbugs-annotations:3.0.1-1, but it's
> going to be difficult with earlier versions of
> c.g.s.f:findbugs-annotations.
>
> I'll take a closer look at it today, though.
>
> --Aaron
>
>
> On Sun, Oct 16, 2016 at 5:51 PM Josh Elser <jo...@gmail.com> wrote:
>
> > Also, over in Apache Phoenix, we're using
> > com.github.stephenc.findbugs:findbugs-annotations:1.3.9-1. Maybe I gave
> > some bad advice on the GAV to use the first time around :)
> >
> > Josh Elser wrote:
> > > A (Maven) repo? It's published central -- you shouldn't have to do
> > > anything extra to get it. Sonatype is automatically mirrored to central
> > > (like Apache is).
> > >
> > > Also, Fluo is depending on this directly? Or just transitively? I am
> > > hoping I did not miss it directly depending...
> > >
> > > No, it's not ok :). You're bundling code whose license is dodgy. Either
> > > way you need to exclude the Findbugs' findbugs-annotations from these
> > > dependencies. Whether or not you replace in
> c.g.s.f:findbugs-annotations
> > > instead is up to you (not sure if you would run into problems)
> > >
> > > Aaron D. Mihalik wrote:
> > >> Anyone know where I can find a repo for this artifact:
> > >>
> > >> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
> > >>
> > >> stephenc lists the Repositories here [1] but I can't find the latest
> > >> release in those mentioned repos (i.e. here [2] or here [3])
> > >>
> > >> I don't think we'll have this resolved for RC2, but I'm hoping that's
> > >> okay
> > >> because other projects depend on findbugs:jsr305 (i.e. hadoop and
> fluo).
> > >>
> > >> --Aaron
> > >>
> > >>
> > >> [1]
> > >>
> > http://stephenc.github.io/findbugs-annotations/
> distribution-management.html
> > >>
> > >> [2]
> > >>
> > https://oss.sonatype.org/content/repositories/releases/
> com/github/stephenc/findbugs/findbugs-annotations/
> > >>
> > >> [3]
> > >>
> > https://repo.maven.apache.org/maven2/com/github/stephenc/
> findbugs/findbugs-annotations/
> > >>
> > >>
> >
>
Re: findbugs-annotations?
Posted by "Aaron D. Mihalik" <aa...@gmail.com>.
fluo has a transitive dependency on findbugs-annotations, not direct.
My issue is that com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
isn't in maven central. I think it would be straightforward for us to
exclude and replace with c.g.s.f:findbugs-annotations:3.0.1-1, but it's
going to be difficult with earlier versions of c.g.s.f:findbugs-annotations.
I'll take a closer look at it today, though.
--Aaron
On Sun, Oct 16, 2016 at 5:51 PM Josh Elser <jo...@gmail.com> wrote:
> Also, over in Apache Phoenix, we're using
> com.github.stephenc.findbugs:findbugs-annotations:1.3.9-1. Maybe I gave
> some bad advice on the GAV to use the first time around :)
>
> Josh Elser wrote:
> > A (Maven) repo? It's published central -- you shouldn't have to do
> > anything extra to get it. Sonatype is automatically mirrored to central
> > (like Apache is).
> >
> > Also, Fluo is depending on this directly? Or just transitively? I am
> > hoping I did not miss it directly depending...
> >
> > No, it's not ok :). You're bundling code whose license is dodgy. Either
> > way you need to exclude the Findbugs' findbugs-annotations from these
> > dependencies. Whether or not you replace in c.g.s.f:findbugs-annotations
> > instead is up to you (not sure if you would run into problems)
> >
> > Aaron D. Mihalik wrote:
> >> Anyone know where I can find a repo for this artifact:
> >>
> >> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
> >>
> >> stephenc lists the Repositories here [1] but I can't find the latest
> >> release in those mentioned repos (i.e. here [2] or here [3])
> >>
> >> I don't think we'll have this resolved for RC2, but I'm hoping that's
> >> okay
> >> because other projects depend on findbugs:jsr305 (i.e. hadoop and fluo).
> >>
> >> --Aaron
> >>
> >>
> >> [1]
> >>
> http://stephenc.github.io/findbugs-annotations/distribution-management.html
> >>
> >> [2]
> >>
> https://oss.sonatype.org/content/repositories/releases/com/github/stephenc/findbugs/findbugs-annotations/
> >>
> >> [3]
> >>
> https://repo.maven.apache.org/maven2/com/github/stephenc/findbugs/findbugs-annotations/
> >>
> >>
>
Re: findbugs-annotations?
Posted by Josh Elser <jo...@gmail.com>.
Also, over in Apache Phoenix, we're using
com.github.stephenc.findbugs:findbugs-annotations:1.3.9-1. Maybe I gave
some bad advice on the GAV to use the first time around :)
Josh Elser wrote:
> A (Maven) repo? It's published central -- you shouldn't have to do
> anything extra to get it. Sonatype is automatically mirrored to central
> (like Apache is).
>
> Also, Fluo is depending on this directly? Or just transitively? I am
> hoping I did not miss it directly depending...
>
> No, it's not ok :). You're bundling code whose license is dodgy. Either
> way you need to exclude the Findbugs' findbugs-annotations from these
> dependencies. Whether or not you replace in c.g.s.f:findbugs-annotations
> instead is up to you (not sure if you would run into problems)
>
> Aaron D. Mihalik wrote:
>> Anyone know where I can find a repo for this artifact:
>>
>> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
>>
>> stephenc lists the Repositories here [1] but I can't find the latest
>> release in those mentioned repos (i.e. here [2] or here [3])
>>
>> I don't think we'll have this resolved for RC2, but I'm hoping that's
>> okay
>> because other projects depend on findbugs:jsr305 (i.e. hadoop and fluo).
>>
>> --Aaron
>>
>>
>> [1]
>> http://stephenc.github.io/findbugs-annotations/distribution-management.html
>>
>> [2]
>> https://oss.sonatype.org/content/repositories/releases/com/github/stephenc/findbugs/findbugs-annotations/
>>
>> [3]
>> https://repo.maven.apache.org/maven2/com/github/stephenc/findbugs/findbugs-annotations/
>>
>>
Re: findbugs-annotations?
Posted by Josh Elser <jo...@gmail.com>.
A (Maven) repo? It's published central -- you shouldn't have to do
anything extra to get it. Sonatype is automatically mirrored to central
(like Apache is).
Also, Fluo is depending on this directly? Or just transitively? I am
hoping I did not miss it directly depending...
No, it's not ok :). You're bundling code whose license is dodgy. Either
way you need to exclude the Findbugs' findbugs-annotations from these
dependencies. Whether or not you replace in c.g.s.f:findbugs-annotations
instead is up to you (not sure if you would run into problems)
Aaron D. Mihalik wrote:
> Anyone know where I can find a repo for this artifact:
>
> com.github.stephenc.findbugs:findbugs-annotations:3.0.1-1
>
> stephenc lists the Repositories here [1] but I can't find the latest
> release in those mentioned repos (i.e. here [2] or here [3])
>
> I don't think we'll have this resolved for RC2, but I'm hoping that's okay
> because other projects depend on findbugs:jsr305 (i.e. hadoop and fluo).
>
> --Aaron
>
>
> [1]
> http://stephenc.github.io/findbugs-annotations/distribution-management.html
> [2]
> https://oss.sonatype.org/content/repositories/releases/com/github/stephenc/findbugs/findbugs-annotations/
> [3]
> https://repo.maven.apache.org/maven2/com/github/stephenc/findbugs/findbugs-annotations/
>