incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Hogstrom <>
Subject Re: Binary dependencies in source releases (Was: [VOTE] Release ManifoldCF 0.5-incubating, RC0)
Date Thu, 29 Mar 2012 01:52:20 GMT

On Mar 28, 2012, at 9:35 AM, Roy T. Fielding wrote:

> If you want to do it right, build the whole thing from scratch -- nothing
> but the source code.  If there isn't at least one person (or CI bot)
> doing that per project, we're screwed.

I think the problem has gotten more challenging over time as many projects (at least the Java
related ones) have a large number of dependencies on other Java projects.  The examples like
Ant are good.  I'll point out Geronimo and a number of the other open source projects that
build around JEE.  There is no JEE project per se, there are lots of different implementations
that get woven together.  Geronimo is probably hardest hit because the project had to include
dependencies from many other projects.  In some cases, the project took snapshots from the
other projects in order to ship because not all projects release in sync.  To avoid the problem,
at least a few years ago, we built a repo where we would capture the maven artifacts so a
Geronimo release could be built with a set of known and "versioned" dependencies.  To provide
any sense of repeatability this practice was necessary.

Perhaps we need a clarification on wording.  We have a release and we have distributions.
 The release is the vote on the source of the project and the distributions are a versioned
source tar-ball plus other binaries for different platforms or configurations.

We do release source and we do distribute binaries and source.  In some cases, the source
contains binaries which are dependencies but in no case that I'm aware of are the binaries
not from an open, referenceable and verifiable open source project.

Matt Hogstrom

A Day Without Nuclear Fusion Is a Day Without Sunshine

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message