[security-dev] PicketLink3 and Apache Deltaspike Dependencies

Pete Muir pmuir at redhat.com
Fri Feb 15 10:09:51 EST 2013


I'll try to talk to Shane synchronously, as I think this is possible.

On 15 Feb 2013, at 14:54, Anil Saldhana wrote:

> I think I brought over more classes than PL core needed. But things were 
> broken at runtime.  Shane took a look and said that we will pull more 
> core DS classes if we bring the additional security related classes that 
> I missed.  So we decided to revert and think of a plan B. :)
> 
> On 02/15/2013 05:49 AM, Pete Muir wrote:
>> Does this commit cover everything, or did you need more?
>> 
>> https://github.com/picketlink/picketlink/commit/2a9d1894dc1e15320d227377c2dd3372651377c0
>> 
>> Particularly the config stuff and project stage stuff I would expect us to be able remove the need for.
>> 
>> On 15 Feb 2013, at 04:34, Jason Porter wrote:
>> 
>>> It may not be the best option, but we should probably stick with v0.3 for now.
>>> 
>>> Sent from my iPhone
>>> 
>>> On Feb 14, 2013, at 18:31, Anil Saldhana <asaldhan at redhat.com> wrote:
>>> 
>>>> Nothing needed.
>>>> 
>>>> On Feb 14, 2013, at 6:47 PM, Jason Porter <lightguard.jp at gmail.com> wrote:
>>>> 
>>>>> Is there anything in v0.4 you need, or can you simply get by with v0.3
>>>>> 
>>>>> Sent from my iPhone
>>>>> 
>>>>> On Feb 14, 2013, at 17:29, Anil Saldhana <Anil.Saldhana at redhat.com> wrote:
>>>>> 
>>>>>> Scratch this plan.  Shane and I determined that this is larger than we
>>>>>> originally thought -> lots of DS classes need to be forked.
>>>>>> 
>>>>>> 
>>>>>> On 02/13/2013 10:25 AM, Anil Saldhana wrote:
>>>>>>> Hi all,
>>>>>>> PicketLink3 is on the final stretch of release cycles.  One of the
>>>>>>> concerns I have had is the Apache Deltaspike dependency which is some
>>>>>>> type of incubating snapshot. Since there are very few Deltaspike classes
>>>>>>> (3-5 in number) that we depend on, the following strategy should work:
>>>>>>> - Copy the source files (Retaining Apache Headers) as it is from Apache
>>>>>>> Deltaspike to a PicketLink namespace such as : org.picketlink.deltaspike.*
>>>>>>> - Remove the Apache Deltaspike dependency.
>>>>>>> 
>>>>>>> In few months, when Apache Deltaspike has proper releases, we can remove
>>>>>>> the PicketLink Deltaspike forked classes and bring back the Apache
>>>>>>> Deltaspike dependency back.  I do not think PicketLink users will
>>>>>>> directly code to DS classes.
>>>>>>> 
>>>>>>> I ran this with Pete Muir, Shane and Jason Porter and they all agreed
>>>>>>> that this is a good strategy (I did refine the strategy based on Shane's
>>>>>>> comments).
>>>>>>> 
>>>>>>> Regards,
>>>>>>> Anil
>>>>>> 
> _______________________________________________
> security-dev mailing list
> security-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/security-dev




More information about the security-dev mailing list