Hey, commons-logging team, you’re on notice!
Here is a dump of the Maven 2 dependencies from the project I use for my article on embedded integration testing:
no.brodwall.demo:web-demo:war:1.0-SNAPSHOT org.springframework:spring:jar:2.0.1:compile commons-logging:commons-logging:jar:1.1:compile avalon-framework:avalon-framework:jar:4.1.3:compile javax.servlet:servlet-api:jar:2.5:test javax.servlet:servlet-api:jar:2.5:compile logkit:logkit:jar:1.0.1:compile log4j:log4j:jar:1.2.12:compile
Never mind the fact that commons-logging was meant to be a thin facade on top of other logging frameworks. commons-logging 1.1 actually include compile dependencies on: log4j, servlet-api, avalon-framework, and logkit! servlet-api!?! WTF!?
Maven 2 is extremely susceptible to bad POMs because dependencies are resolved transitively. The practical consequence of this screw up is that if you build a WAR that includes Spring using Maven 2, you will get servlet-api included as well. Most application servers don’t like this.
This has actually been reported as a bug for Maven, but changing a POM in the Maven repository is “illegal”. This means we’re stuck with this mess.
I for one think that this is one screw-up that shows unacceptable stupidity on part of the commons-logging team. And the fact that it has not been fixed in the half year since 1.1 is just enough to make me want to go shoot someone. Join me and let’s make our code commons-logging-free!.