www-community mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Kienenberger <mkien...@gmail.com>
Subject Re: Non-released Dependencies
Date Fri, 25 Jul 2014 12:14:44 GMT
On Fri, Jul 25, 2014 at 7:06 AM, Vincent Hennebert <vhennebert@gmail.com> wrote:
> there's an undergoing debate in the XML Graphics project about doing
> a release that has a dependency on a snapshot version of another
> (Apache, for that matter) project.
>
> I know there's a policy at Apache to not release a project that has
> non-released dependencies. The problem is, I don't know how I know
> that... I cannot seem to be able to find any official documentation that
> explicitly states it.
>
> The following link: http://www.apache.org/dev/release.html#what is
> apparently not convincing enough. I'm answered that this concerns our
> own project but that it's fine to do an official release containing
> a snapshot binary.
>
> Saying that every binary artefact has to be backed by source code and
> that, in the case of a snapshot, we have to point to some Subversion
> revision number, is apparently not convincing enough either. Despite the
> obvious dependency nightmare that that would cause to users (and, in
> particular, Maven users and Linux distributions).
>
> Does anybody have any official reference to point at, that I may have
> missed? More convincing arguments, legal reasons (should I forward to
> legal-discuss@)?

There are many topics on which only guidelines exist.   In my opinion
as an ASF member, this is not one of them.

http://www.apache.org/dev/release-publishing.html#what
> the fundamental requirement for a release is that it consist
> of the necessary source code to build the project

That doesn't just mean building the project at the moment.  It means 3
or 5 years down the road.   Building against a snapshot isn't
reproducible in the long term.  If a user at some point cannot change
a line of code in your release and recompile the code, you've failed
to meet the release requirements.

Again, having your release buildable from code is the *ONLY*
requirement for a release (other than legally owning the code).   You
can publish a release which is completely non-functional and
unsuitable for the purpose for which it was designed (we hope you will
not), but you cannot publish a release which is not buildable from
source.

As for addressing the specific situation, In order to make an
acceptable release against a snapshot, you would need to bundle a
buildable version of the snapshot source code (ie, an internal
"release" of that source code) as part of your release.  However,
since the dependency is on another ASF project, there's really no
reason not to just get that other project to create an official
release for you.

---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org


Mime
View raw message