I am angry.
I just spent about an hour fiddling with indirect dependencies in my Maven configuration.
One issue was that while my version of Hibernate's entity manager depended on javassist:javassist in version 3.4, the new Sesame dependency I added used jboss:javassist in version 3.7 -- of course with the same package names so I ended up with a NoSuchMethodError. That wasn't too hard to figure out, but still a pain.
Worse was the whole "Simple Logging Facade For Java (slf4j)" crap. Everyone seems to think Java's in-build logging facility is not good enough for them, so they want to add something better. Or maybe there is this dream of allowing your users to plug their logging facilities of choice into your application, which is a nice thing to aim for, but somehow it seems to me that commons-logging proved well enough that it doesn't work.
What those guys had done is to introduce some breaking change between versions 1.5.5 and 1.5.6: suddenly a previously public static member has become private. Just the thing you do in a patch release if you want to annoy the world and waste a lot of time of people who surely don't have anything better to do. If you also make sure that people can create dependencies onto your stuff in lots of variants then suddenly you find yourself writing FAQ entries like this, which are only partially helpful.
The real question for me is this: "Why do all these projects really insist on adding these dependencies in the first place?" If you are providing libraries intending to be used by a wide range of people I would think you are very cautious in adding any dependency at all. And since I still haven't heard any compelling reason not to use the JDK logging facilities I wonder why people keep avoiding them.
Yes, JDK logging is not the best -- but it seems good enough for me.
Yes, the Handlers provided don't compete with e.g. log4js Appenders -- but you can write your own Handlers, you know?
And yes, there are some features such as the notion of a logging context that are missing from the JDK logging -- but I still haven't seen any code actually using those.
So if you have a good reason why one should use those logging libraries: please tell me. If not: please stop adding unnecessary dependencies that cause pain further down the track. And if you are in charge of managing releases for a public library: please turn on your brain and maybe try something like sigtest to help you with your decisions on API changes.