www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Non-released Dependencies
Date Fri, 25 Jul 2014 11:49:21 GMT
Le 25/07/2014 13:06, Vincent Hennebert a écrit :
> Hi,
> there’s an undergoing debate in the XML Graphics project about doing
> a release that has a dependency on a snapshot version of another
> (Apache, for that matter) project.
> I know there’s a policy at Apache to not release a project that has
> non-released dependencies. The problem is, I don’t know how I know
> that... I cannot seem to be able to find any official documentation that
> explicitly states it.

Just consider the technical aspects of the problem : how do you identify
the non-released package ? By a timestamp ? How do you associate this
timestamp with some source ?

For an external user having some problem with your project, just because
there is something wrong in this non-release package, how do you think
someone can help debugging the problem ? How do you track the exact code
associated with this non-released package?

This is just common sense, and anyone who has already worked with
non-released/non-trackable packages know exactly what I mean.

Otherwise, if common sense is not enough, you can probably use

" (Where appropriate) check the that the application is built against
the correct versions"

Now, assuming the dependencies are Apache projects, then you can't
release them into your own project release, if they aren't themselves
released, per http://www.apache.org/dev/release.html#what :

" Under no circumstances are unapproved builds a substitute for releases."

and again, from

"dependencies should comply with the current apache policy"

By depending on a non-released component, you are breaking these rules,

IMHO, leveraging common-sense should be enough...


To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org

View raw message