james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefano Bagnara <apa...@bago.org>
Subject Re: [mime4j] release plan for 0.3
Date Sun, 13 May 2007 17:20:05 GMT
robert burrell donkin ha scritto:
>> > it's best to prefix the jar names with 'apache' (eg
>> > apache-james-mime4j-0.3-SNAPSHOT-bin.tar.gz) since this allows
>> > trademark law to be used against anyone passing off bad jars
>>
>> I see your point, but shouldn't this be discussed with the whole Maven2
>> community?
> 
> not really: there are quite a lot of areas where work is needed before
> maven will produce compliant releases. AIUI the maven team are have
> been working hard on a lot of these areas and it's a lot better now.

I never read this on Maven2 lists/docs: we should spread the word :-)
I will start applying this rule to our projects.

>> None of the jars distributed by ASF via Maven repositories (*MANY*
>> products) have the apache name in the jar !?! (well maybe a couple of
>> them have this prefix.. but a couple vs thousands)
> 
> i've taken a quick look and the maven 2 repository is much worse than
> the old one used to be
> 
> jar names should include 'apache'. unless jar names include 'apache'
> we have no ability to ensure that others do not produce jars with the
> same name. probably need to go and remind them that they still have it
> very wrong.

There should be a "priority" list where every committer should receive
such informations: they are critical to the ASF community and I ensure
you that even if I read a lot of documentaiton and I make a lot of
questions on how to do stuff I never head the prefix thing before!
Please note that this is not to mean that I don't believe you, but
simply to tell to someone that I think this thing is important and this
should be documented and more widely communicated to newcomers.

>> Should we change every of our artifactId to include "apache-" ? We have
>> org.apache.james in the groupId for every artifact, but we don't have
>> "apache" for the artifactId (as I said before I'm not aware of any other
>> project using "apache" in the artifactId apart the
>> apache-jar-resource-bundle-1.2.jar I just added to the local stage
>> folder).
> 
> every artifact id should include 'apache'

Ok. Added to todo.

>> > taken a quick look and the basics seem ok (haven't run RAT)
>> >
>> > mvn doesn't work for me when running against trunk
>>
>> maven 2.0.6 > mvn -U -Plocal package
>>
>> What's the error you get?
>>
>> if it was the missing "apache-jar-resource-bundle" artifact I just added
>> it to the local repository (having it in the james-project local
>> repository hidden this problem to me).
>> Please tell me if this fixed your issue.
> 
> mvn -U -Plocal package works for me now
> 
> i recommend adding a top level BUILDING.txt file giving building
> instructions

Added to todo.

> <snip>
> 
>> > the root source lacks NOTICE and LICENSE
>>
>> Do you mean the source tree in svn or the source package?
> 
> best to have them at the top of the source tree in svn
> 
>> I believe the
>> source package containes the NOTICE/LICENSE.
>> About the svn source tree I posted a question on legal-discuss but I
>> received no answer about this:
>> http://mail-archives.apache.org/mod_mbox/www-legal-discuss/200705.mbox/<463EFEEF.4080201@apache.org>
> 
> it's not a legal question but an infra question
> 
> all apache releases require LICENSE and NOTICE. source releases should
> be the primary form of release for apache projects. source releases
> are formed by svn export. if the source lacks top level LICENSE and
> NOTICE files then it's hard to create compliant releases.

the source package is generated via an mvn assembly (package) command
and it make sure to include an up-to-date NOTICE/LICENSE.

Imho it is important to understand if the svn root tree is a requisite
or not because currently our NOTICE and LICENSE is generated by metadata
included in the POM and having also a non-automatically generated
artifact in the source tree will lead to duplication and much more easy
desynchronization.

So I'd like to know what is the legal requirement and then to be able to
decide how to better accomplish it technically ;-)

I don't understand why this should be asked to INFRA and not LEGAL, but
I will do this too. (added to todo ;-) ).

>> If they will reply that NOTICE and LICENSE are needed also in the svn
>> source tree then we should coordinate the Maven2 guys to avoid pushing
>> the use of the
>> "apache-jar-resource-bundler"+"maven-remote-resources-plugin"
>> combination because this leads to no LICENSE/NOTICE in the source tree.
> 
> seems wrong to me that maven actively conflicts with the use of an svn
> export to create a proper source release
> 
> - robert

I don't agree on the fact that svn export should be used to create
source releases. svn export does not create a package, does not sign it,
does not ensure any rule.

Every other package we release is created by a build script: why should
we use svn export for the source release?

This is my opinion, of course.

Thank you for following me in this mime4j task,
Stefano


---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org


Mime
View raw message