The difference is the OSGi manifests and jar signatures.
Since we integrate with the rest of the Eclipse ecosystem as an OSGi component, we have to "play nice" with the rest of the projects at
eclipse.org.
The Orbit dependency is also signed by the Eclipse Foundation, suppressing the "unsigned" warning in eclipse when you attempt to install any eclipse component that uses the servlet-api.
You can think of the logic on which one to use like this.
if ( isProjectUsingOsgi() ) {
if ( isProjectEclipseCore() ) {
return "org.eclipse.jetty.orbit:javax.servlet:3.0.0.v201112011016"
} else {
return "javax.servlet:javax.servlet-api:3.0.1"
}
} else {
return "javax.servlet:javax.servlet-api:3.0.1"
}
Note: One important thing to point out..
Due to mass group dainbreaded-ness on the rest of the Eclipse ecosystem's part, the OSGi manifest for org.eclipse.jetty.orbit:javax.servlet:3.0.0.v201112011016 says
Export-Package: javax.servlet;version="2.6.0";uses:="javax.servlet.ann
otation,javax.servlet.descriptor",javax.servlet.annotation;version="2
.6.0";uses:="javax.servlet",javax.servlet.descriptor;version="2.6.0",
javax.servlet.http;version="2.6.0";uses:="javax.servlet",javax.servle
t.resources;version="2.6.0"
Bundle-Version: 3.0.0.v201112011016
While the one for javax.servlet:javax.servlet-api:3.0.1 says
Export-Package: javax.servlet;uses:="javax.servlet.descriptor,
javax.se
rvlet.annotation";version="3.0",javax.servlet.descriptor;version="3.0
",javax.servlet.annotation;uses:="javax.servlet";version="3.0",javax.
servlet.http;uses:="javax.servlet";version="3.0"
Yes, your eyes are not deceiving you. The orbit dependency does export itself as Servlet API version "2.6.0".