The definition of `requires`

[David Lloyd]

The TL;DR question is: do we see `requires` as a dependence on a specific
*artifact*, or as a "capability requirement" i.e. "I require a module named
foo.bar that provides packages x, y, z"?

Now the TL part. A build system like Maven presents dependency lists in
terms of artifact coordinates, which generally resolve to a specific
artifact. In some cases, there will be a dependency on some kind of API
with a scope of "provided", indicating "when I run this thing in the target
environment, we need these classes/packages to be available".

The actual artifact (or one of its transitive dependencies) found in the
run time environment may be entirely different. It may be a different
vendor's implementation of a spec API like Jakarta EE. It may be a case
like log4j 1.x, where it is a widely used library but with known security
problems, so a replacement (e.g. reload4j) is provided instead. The
replacement artifact supplies the same API, the same packages, etc.,
however the implementation is different and the library itself may have
different dependencies than the original, meaning that the build time
dependency graph does *not* match the run time graph (particularly, the
build time graph may terminate at various points whereas the run time graph
does not).

Would this be seen as misuse in JPMS terms?

-- 
- DML • he/him
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/jigsaw-dev/attachments/20241220/aa3940f3/attachment-0001.htm>