[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Manifests are dangerous (Re: Symlinking jars is dangerous)

----- Original Message -----
From: "Michael Gratton" <mike@vee.net>
> Joe Emenaker wrote:
> > What if someone releases two jars and foo.jar's manifest makes reference
> > "../../../../../../../../bar.jar"? Am I faced with either putting
bar.jar in
> > my root dir or not using the package at all?
> Ahh, well they're stupid then. Really, there's no point for someone to
> reference a jar in that fashion - that is an abuse of the mechanism. And
> would you really want to use software written by someone with such a
> blatant lack of clue? 8)

Granted, my example was entirely contrived, but it was to make a point. How
about a more plausible example:

foo.jar makes reference to "../bar.jar". Let's say that I like to keep all
of my common jars in a separate filesystem (or, perhaps, an NFS share)
mounted at, say, /usr/local/lib/java. If I want to put foo.jar in there,
then I have to put bar.jar *outside* of that filesystem, in /usr/local/lib
(and, in the case of NFS shares, this would mean that foo.jar would be able
to just be in the NFS drive while bar.jar would have to be placed on each
machine using the NFS drive). The alternative (which seems to be the lesser
of two evils, but still similarly screwed up) is to put foo.jar in something
like /usr/local/lib/java/dummy so that it can look up one directory and
still stay on the current filesystem. Blech!

- Joe

Reply to: