[simrel-dev] Final Day for RC2 Contributions
  
  
    I know you all follow the schedules closely and don't need a
      reminder that today is the final day for updating your
      contribution for the 2025-06 release next Wednesday June 11th.
    _______________________________
    
    We're doing OK on the duplicates front but it's very clear to me
      that far too many projects (most?) ignore the "please don't
      include non-project content in features".   
    Here we see the result of ignoring that:
    
    
    So ECF forces there to be an older version of commons-codec.  
    https://repo1.maven.org/maven2/commons-codec/commons-codec/1.16.0/ 
      (two years old)
    
    Yet you can also see ECF's contribution is very recent.  Clearly
      ECF is also not updating its Orbit dependencies.   That makes me
      sad and frustrated.
    
    We also see that Nebula still includes Orbit dependencies in
      their features too.  Also frustrating.
    https://repo1.maven.org/maven2/commons-codec/commons-codec/1.17.1/ 
      (one year old)
    
    The current version of this one:
    https://repo1.maven.org/maven2/commons-codec/commons-codec/1.18.0/
      (four months old)
    
    (Also, there are two versions of nebula.cwt; that will
      hopefully be fixed by an updated Papyrus contribution and maybe
      Papyrus will reconsider whether it actually needs to import nebula
      features at all.)
    ---
    I say all this, probably to a brick wall, because I predict that
      the day will come when one of these things will have a serious CVE
      and then the amount of work to address it will be potentially very
      large.  
    If we look at all the dependencies we can see that every single one
      of them would allow the 1.18.0 version to be installed and used,
      except for the feature includes:
    
    
    You can lead a horse to water...