0

I don't have much experience with Android development and I have a doubt about dependencies using Gradle. For example:

If I construct an Android app using Gradle dependencies and the package provider (for example Picasso) removes the package from the repository, what will happen to my project? Will I lose the components? Or does it make a local copy of the binaries, so my project will keep working normally?

Thanks a lot for helping me to understand better how it works.

pedro.olimpio
  • 2
    Generally speaking, your build won't be reproducible if a package is removed from a repository. **But**, for Maven Central, the repository that provides for example [Picasso](https://mvnrepository.com/artifact/com.squareup.picasso/picasso), this will **never** happen, because packages [won't be deleted from this repository](https://stackoverflow.com/questions/9789611/removing-an-artifact-from-maven-central). – Lukas Körfer Feb 28 '18 at 14:26

4 Answers

2

First, you should read that:

Short answer to your question: your project will still build unless your cache is cleared or the dependency's version changes.

But a package usually does not disappear from a repository (edit: as lu.koerfer underlined in a comment, packages are not deleted from the repository). If so, there might be a replacement package with a different name/group and you should update your dependencies to make it build properly again instead of relying on the cache.

ToYonos
2

Gradle downloads and caches all the dependencies when you perform Sync; you can see it at the bottom of Android Studio.

If some packages were deleted in the new version of the library, we have two options:

  • You update the library version in your project, and the package is removed from your project too.

  • You use the old version of the library, and the package is still accessible from your project.

Denysole
2

You should keep a backup copy of the library you are installing as a dependency, but you shouldn't really worry about it ahead of the time that much.

It is quite rare, but it could get removed due to many reasons. There have been such instances in other cases where someone responsible for managing some package has just decided to remove it or alter it.

This does not just apply to Gradle but to any such dependency your application depends on, from any hosted package management solution. This same advice therefore applies to systems like NPM as well.

What you should ask yourself at some point in the development would be "Can I build this in 5 years again to fix a bug on a fresh machine with all the data I have and probably still have access to in 5 years?", because your local dependency cache might be long gone at that point anyways and the downloads for the library might be gone from the internet as well. It is a good practice to tuck them away somewhere in the same repository as the rest of the code, just in case.

Lassi Kinnunen
  • Thanks Lassi for the answer. Do you know of any way I can back up Gradle reliably? The folder, etc... – pedro.olimpio Feb 28 '18 at 14:14
  • 2
    Just don't back up! If a package is deleted at any point, then it is for a specific reason (e.g. a major security problem). At this point you should **never** reuse a local backup, but instead fix your project to use a newer version or even a completely different library! – Lukas Körfer Feb 28 '18 at 14:29
  • The libraries from Gradle are usually available from other sources as well. And @lu.koerfer, the package can be replaced with one that has a security flaw as well. It's not something that wouldn't have happened before. It all depends of course, but my point about 5 years down the line was that maybe you can't find it. The whole repo might be down. All the links to it might be down. Trusting them to stay online is not a really good way if you might want to recompile them 5 or 10 years down the line. I've got some code I can't easily find SDKs to compile anymore (old Symbian stuff). – Lassi Kinnunen Feb 28 '18 at 16:06
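
The answer above suggests keeping copies of dependencies next to the code, and the comments point out that an artifact can also be swapped for different content under the same name. The following is an added example (not code from any poster or from Gradle) that pins vendored artifacts by SHA-256 and reports any that later go missing, change, or appear unpinned. The Maven-style directory layout, the `com/example/lib` coordinates and the file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

ARTIFACT_SUFFIXES = {".jar", ".aar", ".pom"}  # file types worth pinning


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large artifacts are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(repo: Path) -> dict:
    """Map each vendored artifact (path relative to repo) to its SHA-256."""
    return {
        p.relative_to(repo).as_posix(): sha256_of(p)
        for p in sorted(repo.rglob("*"))
        if p.is_file() and p.suffix in ARTIFACT_SUFFIXES
    }


def verify(repo: Path, pinned: dict) -> dict:
    """Compare the vendored directory against the committed manifest."""
    current = build_manifest(repo)
    return {
        "missing": sorted(set(pinned) - set(current)),
        "unpinned": sorted(set(current) - set(pinned)),
        "modified": sorted(k for k in pinned.keys() & current.keys()
                           if pinned[k] != current[k]),
    }


def demo() -> dict:
    """Constructed sample: vendor one artifact, pin it, then swap its bytes."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        jar = repo / "com/example/lib/1.0/lib-1.0.jar"  # hypothetical coordinates
        jar.parent.mkdir(parents=True)
        jar.write_bytes(b"original release bytes")
        pinned = build_manifest(repo)        # would be committed with the code
        jar.write_bytes(b"replaced bytes")   # same name, different content
        (jar.parent / "extra.jar").write_bytes(b"unexpected file")
        return verify(repo, pinned)


if __name__ == "__main__":
    print(demo())
```

Gradle 6.2 and later can do the equivalent for resolved dependencies with `gradle/verification-metadata.xml`, generated by `./gradlew --write-verification-metadata sha256 help`.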
1

If you remove the dependency that you are using, your project will still be able to use the library you wish to use, until another dependency with the same name/group overrides your older dependency.

You can read more about how Gradle works, and how Gradle manages its dependency cache.

Daniel Taub