Manuel Paccagnella about blog search Subscribe to RSS Feed

Warning! This blog's new home now is here.

(JAR) Hell is here

05 Dec 2013

From Gorging on Java frameworks and dependencies:

I can't remember who said it, but I think one of my colleagues at Comoyo said something along the lines of: "we obsess over our own code with code reviews and such, but we happily depend on any piece of shit some crazy monkey on the net has cobbled together in his spare time".

Think about that. Because it is true.

Right now your Java application probably contains a dozen version conflicts that you have not noticed. The more common variety being the same library occurring in your transitive dependency graph more than once and in different versions. It is sheer dumb luck that your application works at all. If you don't know what I am talking about I suggest you have a close look at your transitive dependency graph.

There has to be a better way to manage dependencies. One that is not necessarily a one-level dependency tree (which isn't an unreasonable thing given a suitable language/ecosystem). Well, maybe there is.

blog comments powered by Disqus