[security-dev] PicketLink3 and Apache Deltaspike Dependencies
Anil Saldhana
Anil.Saldhana at redhat.com
Wed Feb 13 11:25:52 EST 2013
Hi all,
PicketLink3 is on the final stretch of release cycles. One of the
concerns I have had is the Apache Deltaspike dependency which is some
type of incubating snapshot. Since there are very few Deltaspike classes
(3-5 in number) that we depend on, the following strategy should work:
- Copy the source files (Retaining Apache Headers) as it is from Apache
Deltaspike to a PicketLink namespace such as : org.picketlink.deltaspike.*
- Remove the Apache Deltaspike dependency.
In few months, when Apache Deltaspike has proper releases, we can remove
the PicketLink Deltaspike forked classes and bring back the Apache
Deltaspike dependency back. I do not think PicketLink users will
directly code to DS classes.
I ran this with Pete Muir, Shane and Jason Porter and they all agreed
that this is a good strategy (I did refine the strategy based on Shane's
comments).
Regards,
Anil
More information about the security-dev
mailing list