Add BOM #1915

runeflobakk

I have taken a stab at trying to fix #899. This will add a new subproject to produce a BOM which includes all the other subprojects and their versions. The published BOM can be declared in <dependencyManagement> in a pom.xml like this:

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bc-bom-jdk18on</artifactId>
    <version>1.80-SNAPSHOT</version> <!-- Replace with release version -->
    <type>pom</type>
    <scope>import</scope>
</dependency>

And this will ensure all BouncyCastle artifacts included in the dependency graph are managed to the same version, even though you may not explicitly depend on them in your project, and your dependencies may themselves depend on different BouncyCastle artifacts and versions. Example:
[Screenshot: m2e-dependency-hierarchy]

Resulting published POM

(Omitted the various XML declarations for brevity)

<project>
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.bouncycastle</groupId>
  <artifactId>bc-bom-jdk18on</artifactId>
  <version>1.80-SNAPSHOT</version>
  <packaging>pom</packaging>
  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bccore-jdk18on</artifactId>
        <version>1.80-SNAPSHOT</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcutil-jdk18on</artifactId>
        <version>1.80-SNAPSHOT</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcpg-jdk18on</artifactId>
        <version>1.80-SNAPSHOT</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcpkix-jdk18on</artifactId>
        <version>1.80-SNAPSHOT</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-jdk18on</artifactId>
        <version>1.80-SNAPSHOT</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bctls-jdk18on</artifactId>
        <version>1.80-SNAPSHOT</version>
      </dependency>
      <dependency>
        <groupId>bouncycastle</groupId>
        <artifactId>test</artifactId>
        <version>1.80-SNAPSHOT</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcmls-jdk18on</artifactId>
        <version>1.80-SNAPSHOT</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcmail-jdk18on</artifactId>
        <version>1.80-SNAPSHOT</version>
      </dependency>
      <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcjmail-jdk18on</artifactId>
        <version>1.80-SNAPSHOT</version>
      </dependency>
    </dependencies>
  </dependencyManagement>
</project>

Questions

This is the first time I have done anything remotely involved with Gradle, so there may be a better way to achieve this.

  • In bom/build.gradle, I am listing all subprojects to be included, verbatim. Should this be resolved on its own somehow?
  • Since the new bom-subproject needs to be a "java-platform" artifact, and the root project sets up the "java"-plugin for all subprojects, I needed to exclude the bom from this. Should this be done in another way?
  • The other projects do not seem to include a description. Should this be omitted in the new bom subproject as well?
  • Should the artifact name bc-bom-$vmrange be something else, to align with existing naming conventions? E.g. bcbom (without a dash)? I think I would prefer e.g. bouncycastle-bom-jdk18on, but that may be deviating too far from existing naming.
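
A consistency check for the published BOM, as an added example that is not part of the pull request or the Bouncy Castle build: it confirms that every managed entry uses the BOM's own groupId and version. The names `audit_bom`, `SAMPLE_BOM` and `_fields` are assumptions of this example, and the sample is a constructed, abbreviated copy of the POM above, for which the check reports the `bouncycastle:test` entry.

```python
import xml.etree.ElementTree as ET

# Constructed sample: abbreviated copy of the published POM shown above.
# Assumes the POM is your own build output; parse untrusted XML with defusedxml.
SAMPLE_BOM = """\
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <groupId>org.bouncycastle</groupId>
  <artifactId>bc-bom-jdk18on</artifactId>
  <version>1.80-SNAPSHOT</version>
  <packaging>pom</packaging>
  <dependencyManagement><dependencies>
    <dependency><groupId>org.bouncycastle</groupId>
      <artifactId>bcprov-jdk18on</artifactId><version>1.80-SNAPSHOT</version></dependency>
    <dependency><groupId>bouncycastle</groupId>
      <artifactId>test</artifactId><version>1.80-SNAPSHOT</version></dependency>
  </dependencies></dependencyManagement>
</project>
"""


def _fields(elem):
    """Map direct child tag names (namespace prefix dropped) to stripped text."""
    return {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in elem}


def audit_bom(pom_xml):
    """Return findings for managed entries that do not match the BOM itself."""
    root = ET.fromstring(pom_xml)
    bom = _fields(root)
    findings, seen = [], set()
    # {*} matches the Maven POM namespace or no namespace (Python 3.8+).
    path = "./{*}dependencyManagement/{*}dependencies/{*}dependency"
    for dep in root.findall(path):
        d = _fields(dep)
        coord = f"{d.get('groupId')}:{d.get('artifactId')}"
        if d.get("groupId") != bom.get("groupId"):
            findings.append(f"{coord}: groupId differs from BOM")
        if d.get("version") != bom.get("version"):
            findings.append(f"{coord}: version {d.get('version')} differs from BOM")
        if coord in seen:
            findings.append(f"{coord}: listed more than once")
        seen.add(coord)
    return findings


if __name__ == "__main__":
    print("\n".join(audit_bom(SAMPLE_BOM)))
```

An empty result means every managed entry is aligned with the BOM's own coordinates; the check can run in CI against the generated POM before publishing.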

Successfully merging this pull request may close these issues.

Publish a Bill of Materials to Maven