netbeans-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antonio Vieiro <anto...@vieiro.net>
Subject Re: Should we use Eclipse Maven Repository too?
Date Sun, 15 Oct 2017 15:00:00 GMT

> El 15 oct 2017, a las 15:50, Emilian Bold <emilian.bold@gmail.com> escribió:
> 
> It's part of the Apache IP clearance. We need to know our dependencies. A
> binary JAR won't do, specifically because we patch stuff too. We can't just
> go through classes and add small license headers when we imports lots and
> lots of binaries as external dependencies. Knowing the exact (legal) status
> of our dependencies is even more important than going through the codebase
> imho.
> 

So the important thing here is to _identify_ the exact procedence of each binary dependency
& its license and legal status, but not to actually compile modules against binaries,
am I right?


>> I'd prefer upgrading to modern versions than seeking old ones.
> 
> This involve potential breaking changes, code refactoring and potential
> bugs. Why risk all that?
> 
> Let's just make an inventory of everything (ie. IP clearance) and build
> with the JARs we have tested before!
> 

If possible yes, of course. Trouble is when you can’t find a jar from 2009 :-)

Thanks for your clarification, Emi, this helps.

Un abrazo,
Antonio


Mime
View raw message