Hey, commons-logging team, you’re on notice!

Here is a dump of the Maven 2 dependencies from the project I use for my article on embedded integration testing:

 no.brodwall.demo:web-demo:war:1.0-SNAPSHOT
   org.springframework:spring:jar:2.0.1:compile
     commons-logging:commons-logging:jar:1.1:compile
       avalon-framework:avalon-framework:jar:4.1.3:compile
       javax.servlet:servlet-api:jar:2.5:test
       javax.servlet:servlet-api:jar:2.5:compile
       logkit:logkit:jar:1.0.1:compile
       log4j:log4j:jar:1.2.12:compile

Never mind the fact that commons-logging was meant to be a thin facade on top of other logging frameworks. commons-logging 1.1 actually include compile dependencies on: log4j, servlet-api, avalon-framework, and logkit! servlet-api!?! WTF!?

Maven 2 is extremely susceptible to bad POMs because dependencies are resolved transitively. The practical consequence of this screw up is that if you build a WAR that includes Spring using Maven 2, you will get servlet-api included as well. Most application servers don’t like this.

This has actually been reported as a bug for Maven, but changing a POM in the Maven repository is “illegal”. This means we’re stuck with this mess.

I for one think that this is one screw-up that shows unacceptable stupidity on part of the commons-logging team. And the fact that it has not been fixed in the half year since 1.1 is just enough to make me want to go shoot someone. Join me and let’s make our code commons-logging-free!.

The commons-logging: you’re on notice! by Johannes Brodwall, unless otherwise expressly stated, is licensed under a Creative Commons Attribution 3.0 Unported License.