search

neuhalje / bouncy-gpg

Make using Bouncy Castle with OpenPGP fun again!
https://neuhalje.github.io/bouncy-gpg/
Other
205 stars 58 forks source link

Do not expose logback as compile-time dependency #41

Closed xSAVIKx closed 3 years ago

xSAVIKx commented 4 years ago

Describe the bug A library should not restrict its users to a particular logging framework. Currently, bouncy-gpg uses logback and depends on it in compile while this should be clearly up to the user what logging framework to use.

Expected behavior Only the logging facade should be exposed such as slf4j or flogger or log4j2-api.

Additional context While different applications rely on different logging frameworks, having a strict dependency on logback forces users either to exclude logback from the dependency or switch to it.

Quick fix One can exclude the logback from the library dependency, e.g. in Maven:

<dependency>
    <groupId>name.neuhalfen.projects.crypto.bouncycastle.openpgp</groupId>
    <artifactId>bouncy-gpg</artifactId>
    <version>${bouncy-gpg.version}</version>
    <exclusions>
        <exclusion>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
        </exclusion>
    </exclusions>
</dependency>
neuhalje commented 4 years ago

thanks for the report & work around!

neuhalje commented 3 years ago

Fixed in 2.3.0