edgent-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dale LaBossiere <dml.apa...@gmail.com>
Subject Re: LICENSE/NOTICE, etc of binary bundle from "-Pdistribution"?
Date Mon, 18 Sep 2017 20:23:40 GMT

> On Sep 18, 2017, at 3:40 PM, John D. Ament <johndament@apache.org> wrote:
> 
> On Mon, Sep 18, 2017 at 3:25 PM Dale LaBossiere <dml.apache@gmail.com>
> wrote:
> 
>> I pulled the latest pr309 changes and generated a binary bundle using “mvn
>> package -Pdistribution”.  I see the external dependencies are now present
>> in an ext directory in the bundle. Yay! :-)
>> 
> 
> If you're using maven, and we have the proper transitive dependencies
> listed, why is this useful?

It’s not useful in that case.

Quite frankly I think we have the other cases where a similar capability/content is needed
already covered (though similar issues arise):

- the user is developing their Edgent app with tooling that isn’t integrated with maven
repos and just needs all the released jars
	we supply a get-edgent-jars.sh that instead of building Edgent jars retrieves them and their
deps from a maven repo
        the user can then do what they want with those jars - e.g. just setup classpath to
them

- to deploy Edgent runtime components to an edge device (lacking maven repo connectivity)
for execution of their Edgent app 
	again they can use that get-edgent-jars.sh script and then create their own bundle containing
everything and convey that to their device.
        alternatively, they can:
            - build their app with maven and create an uber jar containing their app and dependent
Edgent runtime deps, etc
            - or use a package-app.sh we provide that creates a tarball containing their app
and dependent Edgent runtime deps, etc

What sort of “documentation” do we need to provide the user telling them what external
runtime dependencies Edgent has?
That documentation might also be referred to by the get-edgent-jars.sh and package-app.sh
scripts.

How do other projects address telling its users this info this when they’re not providing
license/notice content for their external deps because they’re not releasing binary bundles
containing them?  Pointers to specific content pls.

>> Clarification for others, the generated zip/tarball will NOT be released
>> by the ASF.  This bundle is something that users can build for themselves
>> for certain use cases.  With that in mind...
>> 
>> There’s a LICENSE and NOTICE file present in the bundle.  Right now the
>> content of each is for a released “source bundle” context - i.e. no mention
>> of any of the bundled external deps content.
>> 
>> Can we simply exclude these inaccurate files?  I assume we can since this
>> isn’t a released artifact.  Mentor input helpful here.  Note, each bundled
>> Edgent jar has its own LICENSE/NOTICE in its manifest.
>> 
>> 
> No. While the binary release is a convenience, it should be accurate.  The
> LICENSE/NOTICE should reflect the contents of the binary bundle.

That would suck :-)  Avoiding that is part of the reason to *cease releasing* a binary bundle
containing external deps.
Of course we can cease documenting this “-Pdistribution”.

— Dale
Mime
View raw message