Discover and read the best of Twitter Threads about #log4jshell

Most recents (1)

Given recent events #log4j #log4jshell, here are some thoughts about dealing with dependencies and their versions in the Java-ecosystem when using #gradle. Some thoughts/explanations and an idea I had when thinking about the current state of things.
Dependency management is hell. Always. If you rely on external open-source components, which again rely on other open-source components, you are already in trouble. Luckily, that's what everyone is doing. So we are all in trouble together.
Of course it is great to reuse. But using code you have not written yourself, and you don't fully understand yourself, requires a lot of trust. As we have just seen, this can lead to incidents where you need to be ready to respond quickly.
Read 32 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!