Build error with gradle (command line)
Johan Vos
johan.vos at gluonhq.com
Tue May 11 17:27:36 UTC 2021
Hi John,
Regardless of the issues some of us have now, I believe the verification is
a good thing to add, so thank you for that enhancement. Security often
comes with a price, and if removing caches is all that it takes, I'm happy.
Unrelated to that, I'm worried about the maintenance cost of Gradle, and
the fact that some features are deprecated while their replacements are
still incubating is not increasing my confidence. In the Java world, we're
used to maturity and long-term support and I don't feel 100% confident
Gradle provides this (which doesn't mean it isn't a great tool, but maybe
not so for projects like this). But balancing pros and cons (migration
effort), I'm still +1 to keep Gradle for OpenJFX.
- Johan
On Tue, May 11, 2021 at 5:05 PM John Neffenger <john at status6.com> wrote:
> On 5/11/21 5:24 AM, Jeanette Winzenburg wrote:
> > deleting the caches did work, at last ;)
>
> That's also what I had to do after similar errors. I thought there might
> be some bumps in the road when I proposed adding the Gradle dependency
> verification, but I hope we can retain enough of it to make the builds
> safer than before.
>
> If we notice that the POM files are changing (without updating their
> versions), Kevin's idea of removing the POM entries should help. Even
> the Gradle documentation anticipates some problems, saying "It means
> that you will be tempted to switch it off." [1]
>
> The more I learn Gradle, the less likely I am to choose it for my own
> projects, but it is far ahead of Maven, for example, in protecting
> against supply-chain attacks. For Maven, this feature is still just a
> couple of old bug reports:
>
> Extend the Project Object Model (POM) with trust information (OpenPGP,
> hash values)
> https://issues.apache.org/jira/browse/MNG-6026
>
> Switch the default checksum policy from "warn" to "fail"
> https://issues.apache.org/jira/browse/MNG-5728
>
> John
>
> [1] https://docs.gradle.org/current/userguide/dependency_verification.html
>