hunterhacker / jdom

Java manipulation of XML made easy

Remove dependency on jaxen #164

Open htgoebel opened 7 years ago

htgoebel commented 7 years ago

Depending on jaxen leads to dependency-hell: jaxen requires dom4j for compiling, and dom4j requires jaxen for compiling.

This inhibits building both packages – and thus jdom – from source (read: without basing .jars downloaded elsewhere). Building software from pure source is important to provide a verifiable path from source code to binary, see reproducible builds.

So please remove the dependency on jaxen to enable building jdom from source. Thanks.

hakanai commented 5 years ago

I'd be really happy with this as well, for a different reason entirely:

The dependency on jaxen is only declared as "optional", which is extremely trappy - it isn't obvious when first including the library that it will just explode when calling certain things which depend on the optional dependency. I discovered it when we first added it, worked around it, and then the issue came back to bite us multiple times in the future as the project got rearranged and people doing the rearranging weren't aware of the requirement.

We tried modifying the POM ourselves and uploading a vendored version of JDOM. This worked until someone later accidentally updated it without modifying the POM for the new version.

We tried using Gradle client module dependencies to add the explicit dependency from the build, and that seemed to work until we discovered a bug in Gradle which makes it not use the extra dependencies in some obscure situation.

Now we're trying adding both dependencies together in all projects on our side, but I can already see a situation where someone will add one without adding the other.

JDOM could separate the classes which depend on Jaxen into a separate artifact, which would clean this up hugely, but removing it would solve the issue too.
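A build-time check for the optional-dependency trap described in the comment above, as an added example that is not part of the thread or of the JDOM project: it reads a library POM, finds direct dependencies marked `<optional>true</optional>`, and reports those the consuming project has not declared itself. Both POMs are constructed samples with placeholder versions, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

def pom(artifact, deps):
    """Build a constructed sample POM; versions are placeholders."""
    body = "".join(
        f"<dependency><groupId>{g}</groupId><artifactId>{a}</artifactId>"
        f"<version>0.0.0-EXAMPLE</version><optional>{str(opt).lower()}</optional>"
        f"</dependency>"
        for g, a, opt in deps
    )
    return (
        '<project xmlns="http://maven.apache.org/POM/4.0.0">'
        f"<groupId>example</groupId><artifactId>{artifact}</artifactId>"
        f"<dependencies>{body}</dependencies></project>"
    )

# Constructed: the library marks jaxen optional; the consumer lists only the library.
LIBRARY_POM = pom("jdom2", [("jaxen", "jaxen", True)])
CONSUMER_POM = pom("app", [("org.jdom", "jdom2", False)])
FIXED_CONSUMER_POM = pom("app", [("org.jdom", "jdom2", False), ("jaxen", "jaxen", False)])

def dependencies(pom_text):
    """Map (groupId, artifactId) -> is_optional for a POM's direct dependencies.

    Only the <dependencies> block is read: no parent POMs, properties or
    dependencyManagement, which a real build tool would also resolve.
    """
    root = ET.fromstring(pom_text)
    result = {}
    for dep in root.findall("m:dependencies/m:dependency", NS):
        key = (
            dep.findtext("m:groupId", "", NS).strip(),
            dep.findtext("m:artifactId", "", NS).strip(),
        )
        result[key] = dep.findtext("m:optional", "false", NS).strip().lower() == "true"
    return result

def missing_optional(library_pom, consumer_pom):
    """Optional dependencies of the library that the consumer does not declare."""
    declared = dependencies(consumer_pom)
    return sorted(k for k, opt in dependencies(library_pom).items()
                  if opt and k not in declared)

if __name__ == "__main__":
    for group, artifact in missing_optional(LIBRARY_POM, CONSUMER_POM):
        print(f"undeclared optional dependency: {group}:{artifact}")
```

Run as a CI step, a non-empty result can fail the build, so the pairing does not depend on whoever next rearranges the project remembering it.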

wltjr commented 5 years ago

For JDOM on Gentoo, I just remove Jaxen support entirely; it is pretty trivial: delete a folder and then remove an import.

For Jaxen, I remove jdom-1.x support and leave jdom-2.x.

That way Jaxen can still use JDOM but JDOM does not depend on Jaxen. Nothing seems to require Jaxen support in JDOM. I haven't run into anything yet, and doubt I ever will.