[security-dev] PicketLink3 and Apache Deltaspike Dependencies

Anil Saldhana Anil.Saldhana at redhat.com
Fri Feb 15 09:54:45 EST 2013 

I think I brought over more classes than PL core needed. But things were 
broken at runtime.  Shane took a look and said that we will pull more 
core DS classes if we bring the additional security related classes that 
I missed.  So we decided to revert and think of a plan B. :)

On 02/15/2013 05:49 AM, Pete Muir wrote:
> Does this commit cover everything, or did you need more?
>
> https://github.com/picketlink/picketlink/commit/2a9d1894dc1e15320d227377c2dd3372651377c0
>
> Particularly the config stuff and project stage stuff I would expect us to be able remove the need for.
>
> On 15 Feb 2013, at 04:34, Jason Porter wrote:
>
>> It may not be the best option, but we should probably stick with v0.3 for now.
>>
>> Sent from my iPhone
>>
>> On Feb 14, 2013, at 18:31, Anil Saldhana <asaldhan at redhat.com> wrote:
>>
>>> Nothing needed.
>>>
>>> On Feb 14, 2013, at 6:47 PM, Jason Porter <lightguard.jp at gmail.com> wrote:
>>>
>>>> Is there anything in v0.4 you need, or can you simply get by with v0.3
>>>>
>>>> Sent from my iPhone
>>>>
>>>> On Feb 14, 2013, at 17:29, Anil Saldhana <Anil.Saldhana at redhat.com> wrote:
>>>>
>>>>> Scratch this plan.  Shane and I determined that this is larger than we
>>>>> originally thought -> lots of DS classes need to be forked.
>>>>>
>>>>>
>>>>> On 02/13/2013 10:25 AM, Anil Saldhana wrote:
>>>>>> Hi all,
>>>>>> PicketLink3 is on the final stretch of release cycles.  One of the
>>>>>> concerns I have had is the Apache Deltaspike dependency which is some
>>>>>> type of incubating snapshot. Since there are very few Deltaspike classes
>>>>>> (3-5 in number) that we depend on, the following strategy should work:
>>>>>> - Copy the source files (Retaining Apache Headers) as it is from Apache
>>>>>> Deltaspike to a PicketLink namespace such as : org.picketlink.deltaspike.*
>>>>>> - Remove the Apache Deltaspike dependency.
>>>>>>
>>>>>> In few months, when Apache Deltaspike has proper releases, we can remove
>>>>>> the PicketLink Deltaspike forked classes and bring back the Apache
>>>>>> Deltaspike dependency back.  I do not think PicketLink users will
>>>>>> directly code to DS classes.
>>>>>>
>>>>>> I ran this with Pete Muir, Shane and Jason Porter and they all agreed
>>>>>> that this is a good strategy (I did refine the strategy based on Shane's
>>>>>> comments).
>>>>>>
>>>>>> Regards,
>>>>>> Anil
>>>>>

More information about the security-dev mailing list