On Sat, 15 Aug 2020 23:38:37 +0200, Deloptes wrote:

> I always have a problem with those 3rd party packages - you download a
> jar and you never know what is inside it and then you complain about
> injections :D But I must admit I've used some also. I tried to check the
> code of some, but it is virtually impossible or at least very time
> consuming. This is why I choose Symfony Framework - not that it does not
> have the same problem with 3rd party, but at least they are not binary
> code packed in jar.
>
I never download 3rd party jarfiles - only source. This has advantages:
(a) I get to read the source,
(b) I KNOW which compiler it was compiled with.
    I'm currently on OpenJava 1.8
(c) I get to generate a set of javadocs from the source and link them
    to my local Java Documentation web page along with the official docs
    and javadocs for my own support classes.

The thing that pisses me off most with 3rd party code is how much of it
is either undocumented or very poorly documented.

IMO if you're going to publish your own packages you're just waving two
fingers at anybody who downloads it if you haven't documented packages,
classes and methods to at least the same standard used in the standard
classes and packages and, equally important, taken the time to generate
javadocs from your code, read the output to check that it makes sense as
well as correcting any errors, omissions and typos in the comments.

I know its easy to do all that and still write something that may not
make sense to others, but the least you can do then is to treat any
queries or error reports as sufficient reason to correct the code and/or
comments, retest any code changes (I maintain a set of regression test
scripts for my support classes - do you?) and release an updated version
in a reasonably timely fashion.


--
Martin    | martin at
Gregorie  | gregorie dot org

--- SoupGate-Win32 v1.05