Update sites' jars should be semver compatible with Fiji/ImageJ #30
Comments
|
More generally, we probably want to prevent any update site with shadowed JARs from overwriting ImageJ (and eventually Fiji) core JAR files, if the shadowed versions are older. For example, the LLTT update site is currently broken because it ships outdated snapshots of ImgLib2. Even if we had a rule preventing upload of currently-out-of-date dependencies, they might still become out of date later, when we release, deploy and upload newer versions of those libraries to the core ImageJ & Fiji update sites, leaving the update site in question in the dust. Anyone who enables that update site after that point would be in for an unpleasant experience. |
|
The other possibility that @dscho and I discussed F2F is enforcing these rules not for core ImageJ and Fiji specifically, but rather for any libraries matching the SemVer versioning convention. But it gets tricky. I guess one question is: how do we want to manage update sites which depend on other update sites? Because that's what this issue really comes down to... |
We should enforce that dependencies included in update sites do not shadow libraries from the Fiji or ImageJ update sites if they are not semver compatible.
For example, SCIFIO depended on an old version of pom-scijava which was pulling in an old scijava-common. So even though the SCIFIO jar itself was fine in Fiji, on the SCIFIO-dev update site the scijava-common artifact was being overridden, creating a state where Fiji could not even launch.
The text was updated successfully, but these errors were encountered: