incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dan Diephouse <>
Subject Re: [policy] incubating projects and maven repositories v1.0
Date Wed, 30 Aug 2006 16:15:50 GMT
Niclas Hedhman wrote:
> On Monday 28 August 2006 11:31, Jason van Zyl wrote:
>>> Could that report be made part of the release:prepare and the  
>>> release manager
>>> had to explicitly approve it??
>> How are we supposed to enforce that? And what if they are not using  
>> Maven? Say using either the Maven Ant Tasks, or Ivy, or just an http  
>> get to get artifacts from a repository.
> We are probably misunderstanding each other...
> The question that came up was about transitive dependencies, which the user do 
> not necessarily check for, and could end up being dependent on incubating 
> projects against his/her will. Something that can't happen for snapshots 
> (unless you bypass Maven's intended behaviours) 
> You said, that one can check the full set of dependencies from a report 
> generated by Maven2.
> I said, if that report could be output during the release:prepare phase, and 
> that if the release:prepare phase would require the release manager to 
> approve the use of that dependency tree, then we put the responsibility in 
> the hands of the Maven2 user.
> You then start talking about 'enforcement'... And I am lost. Enforcing what? 
> If the report can be generated, then either your statement above isn't valid, 
> or the report is not capable of reporting the dependencies, in which case the 
> original statement is not accurate.
> I suspect that you are trying to find problems with non-Maven systems, but 
> that can always happen and not the issue at hand. BuildSystemAbc could pull 
> down all kinds of stuff for the users, including snapshots, pirated software 
> and virii. IMHO, Maven repositories exist mainly to support Maven and 
> Maven-compatible(!) build systems.
> Your suggestions in the original mail is very good, and *I* don't have any 
> opinion about whether a separate Incubating repository is needed or not. Both 
> arguments for and against sound reasonable.
I don't really think that this is going to help anything. The user is 
always in control.  The responsibility has never left their hands. Lets 
step away from the incubator a sec and take GPL jars for instance - if 
there is a transitive dependency on GPL jars, the user is completely 
responsible for that. Why would it be any different for an incubator JAR?

- Dan

Dan Diephouse
Envoi Solutions

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message