[security-dev] PicketLink3 and Apache Deltaspike Dependencies
Pete Muir
pmuir at redhat.com
Fri Feb 15 10:09:51 EST 2013
I'll try to talk to Shane synchronously, as I think this is possible.
On 15 Feb 2013, at 14:54, Anil Saldhana wrote:
> I think I brought over more classes than PL core needed. But things were
> broken at runtime. Shane took a look and said that we will pull more
> core DS classes if we bring the additional security related classes that
> I missed. So we decided to revert and think of a plan B. :)
>
> On 02/15/2013 05:49 AM, Pete Muir wrote:
>> Does this commit cover everything, or did you need more?
>>
>> https://github.com/picketlink/picketlink/commit/2a9d1894dc1e15320d227377c2dd3372651377c0
>>
>> Particularly the config stuff and project stage stuff I would expect us to be able remove the need for.
>>
>> On 15 Feb 2013, at 04:34, Jason Porter wrote:
>>
>>> It may not be the best option, but we should probably stick with v0.3 for now.
>>>
>>> Sent from my iPhone
>>>
>>> On Feb 14, 2013, at 18:31, Anil Saldhana <asaldhan at redhat.com> wrote:
>>>
>>>> Nothing needed.
>>>>
>>>> On Feb 14, 2013, at 6:47 PM, Jason Porter <lightguard.jp at gmail.com> wrote:
>>>>
>>>>> Is there anything in v0.4 you need, or can you simply get by with v0.3
>>>>>
>>>>> Sent from my iPhone
>>>>>
>>>>> On Feb 14, 2013, at 17:29, Anil Saldhana <Anil.Saldhana at redhat.com> wrote:
>>>>>
>>>>>> Scratch this plan. Shane and I determined that this is larger than we
>>>>>> originally thought -> lots of DS classes need to be forked.
>>>>>>
>>>>>>
>>>>>> On 02/13/2013 10:25 AM, Anil Saldhana wrote:
>>>>>>> Hi all,
>>>>>>> PicketLink3 is on the final stretch of release cycles. One of the
>>>>>>> concerns I have had is the Apache Deltaspike dependency which is some
>>>>>>> type of incubating snapshot. Since there are very few Deltaspike classes
>>>>>>> (3-5 in number) that we depend on, the following strategy should work:
>>>>>>> - Copy the source files (Retaining Apache Headers) as it is from Apache
>>>>>>> Deltaspike to a PicketLink namespace such as : org.picketlink.deltaspike.*
>>>>>>> - Remove the Apache Deltaspike dependency.
>>>>>>>
>>>>>>> In few months, when Apache Deltaspike has proper releases, we can remove
>>>>>>> the PicketLink Deltaspike forked classes and bring back the Apache
>>>>>>> Deltaspike dependency back. I do not think PicketLink users will
>>>>>>> directly code to DS classes.
>>>>>>>
>>>>>>> I ran this with Pete Muir, Shane and Jason Porter and they all agreed
>>>>>>> that this is a good strategy (I did refine the strategy based on Shane's
>>>>>>> comments).
>>>>>>>
>>>>>>> Regards,
>>>>>>> Anil
>>>>>>
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev
More information about the security-dev
mailing list