Le 25/07/2014 13:06, Vincent Hennebert a écrit : > Hi, > > there’s an undergoing debate in the XML Graphics project about doing > a release that has a dependency on a snapshot version of another > (Apache, for that matter) project. > > I know there’s a policy at Apache to not release a project that has > non-released dependencies. The problem is, I don’t know how I know > that... I cannot seem to be able to find any official documentation that > explicitly states it.
Just consider the technical aspects of the problem : how do you identify the non-released package ? By a timestamp ? How do you associate this timestamp with some source ? For an external user having some problem with your project, just because there is something wrong in this non-release package, how do you think someone can help debugging the problem ? How do you track the exact code associated with this non-released package? This is just common sense, and anyone who has already worked with non-released/non-trackable packages know exactly what I mean. Otherwise, if common sense is not enough, you can probably use http://incubator.apache.org/guides/releasemanagement.html#best-practice-dependencies, " (Where appropriate) check the that the application is built against the correct versions" Now, assuming the dependencies are Apache projects, then you can't release them into your own project release, if they aren't themselves released, per http://www.apache.org/dev/release.html#what : " Under no circumstances are unapproved builds a substitute for releases." and again, from http://incubator.apache.org/guides/releasemanagement.html#best-practice-dependencies : "dependencies should comply with the current apache policy" By depending on a non-released component, you are breaking these rules, AFAICT. IMHO, leveraging common-sense should be enough... my2cts --------------------------------------------------------------------- To unsubscribe, e-mail: community-unsubscr...@apache.org For additional commands, e-mail: community-h...@apache.org
