Am 27.11.2017 um 22:24 schrieb Stephen Colebourne:
> The "many" are those consuming Guava as a simple library who don't
> want the dependencies and have no need to see/use the annotations - they
> are just annoying cruft (that we have to exclude, others will just
> accept).
I think I'm one of the "many" in that frankly, I don't care too much
about indirect dependencies - Maven keeps track of them for me, and I
get annoyed only if there's a version conflict.
Then there's the case of an indirect dependency that comes with a CVE or
a memory leak or similar nasties, but that's merely a matter of
submitting a bug report and getting the thing fixed before delivering
any software that uses it - so it's not a big deal above and beyond what
we "many" already have to do.
Of course there's the point were indirect dependencies start to
proliferate, but I think you worry too much - very few Java libraries
worry too much about the dependencies they use, and the Java library
ecosystem still works.
I guess the main point is that library makers dislike relying on
external dependencies because it's outside of their control, yet they
need them to make their own code work. I.e. the list of external
dependencies is kept to a minimum.