www-repository mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Loughran" <steve.lough...@gmail.com>
Subject Re: [repo] /www/people.apache.org/repo/m1-ibiblio-rsync-repository/
Date Tue, 12 Dec 2006 21:30:15 GMT
(replying to all as I dont yet know if dims is on repository@)

On 12/12/06, Davanum Srinivas <davanum@gmail.com> wrote:
> Don't worry carlos. Let's set up a process. Let's document what we
> process we want everyone to conform to on our Wiki then inform infra
> folks. Let them look it over and then we can set a date for new
> releases to conform to the policy. Does that sound like a plan?

1. Nobody releases artifacts that arent signed off by the relevant PMC.

2. No artifacts get released if their explicit/implicit metadata is invalid

  -POMs have schema declaration and are valid against the schema
  -POMs have no unexpanded ${project.version} values
  -all dependencies resolve. You cannot depend on sun stuff that
doesnt at least have a stub.
  -dependency graph is acyclic and no ambiguities (conflicting
artifacts at the same depth)
  -until we have an automated solution, all artifacts will be held in
staging until hand audited. That means scanning the artifact looking
for common-troublespots (testing artifacts non-optional, etc)
  -checksums exist and are correct.
  -MD includes license and POM author info.

In an ideal world we'd audit the JARs and look for trouble there too.
 -Java1.5+ class files (warn, dont reject :)
 -copied in class files from other JARs
I dont have any stats on how much of an issue this is, yet.

As far as I'm concerned, the repository team is not over-strict;
they've been far too forgiving of the stuff that goes in there,
accepting artifacts in the wrong place and with truly awful metadata.
Nobody benefits from that.


View raw message