www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Davanum Srinivas" <dava...@gmail.com>
Subject Re: [repo] /www/people.apache.org/repo/m1-ibiblio-rsync-repository/
Date Tue, 12 Dec 2006 21:39:30 GMT
How about a RAT like tool (or update RAT itself) to make these checks?
Any takers? Give us tools to help/police ourselves and to enforce the
policy.

-- dims

On 12/12/06, Steve Loughran <steve.loughran@gmail.com> wrote:
> (replying to all as I dont yet know if dims is on repository@)
>
> On 12/12/06, Davanum Srinivas <davanum@gmail.com> wrote:
> > Don't worry carlos. Let's set up a process. Let's document what we
> > process we want everyone to conform to on our Wiki then inform infra
> > folks. Let them look it over and then we can set a date for new
> > releases to conform to the policy. Does that sound like a plan?
> >
>
> 1. Nobody releases artifacts that arent signed off by the relevant PMC.
>
> 2. No artifacts get released if their explicit/implicit metadata is invalid
>
>   -POMs have schema declaration and are valid against the schema
>   -POMs have no unexpanded ${project.version} values
>   -all dependencies resolve. You cannot depend on sun stuff that
> doesnt at least have a stub.
>   -dependency graph is acyclic and no ambiguities (conflicting
> artifacts at the same depth)
>   -until we have an automated solution, all artifacts will be held in
> staging until hand audited. That means scanning the artifact looking
> for common-troublespots (testing artifacts non-optional, etc)
>   -checksums exist and are correct.
>   -MD includes license and POM author info.
>
> In an ideal world we'd audit the JARs and look for trouble there too.
>  -Java1.5+ class files (warn, dont reject :)
>  -copied in class files from other JARs
> I dont have any stats on how much of an issue this is, yet.
>
> As far as I'm concerned, the repository team is not over-strict;
> they've been far too forgiving of the stuff that goes in there,
> accepting artifacts in the wrong place and with truly awful metadata.
> Nobody benefits from that.
>
> -Steve
>


-- 
Davanum Srinivas : http://www.wso2.net (Oxygen for Web Service Developers)

Mime
View raw message