Klangism

Things that were important enough at the time when they were written.

Viktor Klang is a legendary programmer, known from places like the Internet. Consider following him on Twitter.

Nov 28

Dependency Hell

I’ve been meaning to write something very thoughtful about dependency management over the past year, but haven’t found time to do it.

So now I’ll just blurt it out and see what you think of it.

Dependency management in Java land usually means keeping track of .jar-files - this is stupid. “What?” you say?

Well packaging a .jar file means that you feel you’re qualified to make the decision on what parts of your code other people will need and use. In other words, you’re trying to see into the future and create the optimal jar for your users.

Well, wake up and smell the snow. You ain’t going to do that well.

That’s why tools like ProGuard exist - to remove superfluous code from your jars, code that isn’t needed for the program to work.

Now, wouldn’t it be nicer if things were the other way around? So instead of _removing_ what isn’t needed, you only get the classes/code you need instead?

Think about it for a second.

Then we have the current situation with Maven repositories. I hate it. It means that you have to manually keep track of tons of servers and if one is down when you need it, you either have to make sure your build works without it, or start looking for the lint in your bellybutton for a while, waiting for it to come online again.

We’ve had p2p-networks, BitTorrent and tons of different distributed storage solutions, so _why_ Dear God do we need to have manual repository management and SPOFs?

Think about it for a second.

I don’t have the technical solutions, but something where the needed classes/code would be loaded at build time and a class loader would find runtime dependencies on a distributed network at runtime and cache them locally.

Make it happen, I dare you