incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Diephouse <...@envoisolutions.com>
Subject Re: [policy] incubating projects and maven repositories v1.0
Date Wed, 30 Aug 2006 16:15:50 GMT
Niclas Hedhman wrote:
> On Monday 28 August 2006 11:31, Jason van Zyl wrote:
>   
>>> Could that report be made part of the release:prepare and the  
>>> release manager
>>> had to explicitly approve it??
>>>       
>> How are we supposed to enforce that? And what if they are not using  
>> Maven? Say using either the Maven Ant Tasks, or Ivy, or just an http  
>> get to get artifacts from a repository.
>>     
>
> We are probably misunderstanding each other...
> The question that came up was about transitive dependencies, which the user do 
> not necessarily check for, and could end up being dependent on incubating 
> projects against his/her will. Something that can't happen for snapshots 
> (unless you bypass Maven's intended behaviours) 
>
> You said, that one can check the full set of dependencies from a report 
> generated by Maven2.
>
> I said, if that report could be output during the release:prepare phase, and 
> that if the release:prepare phase would require the release manager to 
> approve the use of that dependency tree, then we put the responsibility in 
> the hands of the Maven2 user.
>
> You then start talking about 'enforcement'... And I am lost. Enforcing what? 
> If the report can be generated, then either your statement above isn't valid, 
> or the report is not capable of reporting the dependencies, in which case the 
> original statement is not accurate.
>
> I suspect that you are trying to find problems with non-Maven systems, but 
> that can always happen and not the issue at hand. BuildSystemAbc could pull 
> down all kinds of stuff for the users, including snapshots, pirated software 
> and virii. IMHO, Maven repositories exist mainly to support Maven and 
> Maven-compatible(!) build systems.
>
> Your suggestions in the original mail is very good, and *I* don't have any 
> opinion about whether a separate Incubating repository is needed or not. Both 
> arguments for and against sound reasonable.
>   
I don't really think that this is going to help anything. The user is 
always in control.  The responsibility has never left their hands. Lets 
step away from the incubator a sec and take GPL jars for instance - if 
there is a transitive dependency on GPL jars, the user is completely 
responsible for that. Why would it be any different for an incubator JAR?

- Dan

-- 
Dan Diephouse
Envoi Solutions
http://envoisolutions.com
http://netzooid.com/blog


---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message