I think this list is mostly fine. Are there any particular features of Java 11 that you’re wanting to use? I’d like to avoid introducing any new runtime dependencies for the time being, so that integrators on Java 8 can continue to consume Wikitext as a library.
I want to move to Java 11 in order to :
* Get rid of guava - Sets/List/Map.of is the direct replacement for majority usages of guava's Immutable*, I haven't looked into more details but there are probably other guava usages that can be replaced with Java 11 features. Nowadays Java is causing more troubles by contributing multiple guava versions to simrel, cause us to deal with CVEs and etc. for very little benefit (if any). It should be possible to keep up with guava updates but IMHO it's more work and requires persistent monitoring so project doesn't fail on it again - a task which no one signed for in the last years.
* Build with latest Tycho - this requires Java 11 as a build JVM but it shouldn't be an issue as source/target are set to Java 1.8 already. Latest Tycho has support for referencing maven deps directly so it should be possible to simplify the build system which relies heavily on maven-invoker-plugin to fork maven calls and it even relies on really old versions of invoker plugin which gives only a warning for the "shady" practices and newer one no longer supports.
* Eclipse plugins is nice to stay similar to rest of simrel so they can make usage of changes
* Last but not least - If a project wants to stay alive it's critical to make it possible so students can't start over using their knowledge from university without bothering with old things - or majority just won't bother even consider such a possibility.
If the majority vote is to stay at Java 8 for non Eclipse plugins parts (I take moving these is non questionable) for me it would mean the project continues shipping guava with cves as updating guava versions requires changes in other mylyn subprojects which becomes a non-feasible task.
I’d also like to add to your list an upgrade of the JSoup library. I have
https://nvd.nist.gov/vuln/detail/CVE-2021-37714 on my radar as something that needs to be addressed, but for this we’ll have to introduce a new JSoup to Orbit. From what I can tell we may be the only Eclipse project using JSoup, as the previous contributions to Orbit came from our past project lead.
- Leo
Hey everyone,
I would like to do the following in the project:
* Update to latest simrel Guava so users don't get ancient CVE-full version
* Update to Java 11 as a minimum
* Update to latest Eclipse platform as dependency
Is anyone against these directions?
--
Aleksandar Kurtakov
Red Hat Eclipse Team
_______________________________________________
mylyn-docs-dev mailing list
mylyn-docs-dev@xxxxxxxxxxxTo unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/mylyn-docs-dev
--
Leo Dos Santos
Senior Software Engineer, Tasktop Integrations
_______________________________________________
mylyn-docs-dev mailing list
mylyn-docs-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/mylyn-docs-dev