Hi Shahbaz, On Mar 25, 2013, at 12:58 PM, Shahbaz Memon <[email protected]> wrote:
> Hi Suresh, > > Hosting dependencies on (non-third party) public repositories is quite > natural in open source. I would agree with you in general. But apache releases have strictly be legal complaint, not just the Unicore dependencies, but transitive dependencies as well. When official Apache Airavata binaries get distributed, we need to ensure we are not bundling any incompatible licenses which will over ride the apache license [2]. Relying on non-maven central repositories increases the risk of this vulnerability. There are other reasons why ASF is phasing out the reliance on third party dependencies I will find pointers. Thanks, Suresh [1] - http://www.apache.org/dev/licensing-howto.html [2] - http://www.apache.org/legal/3party.html > But it is not easy for Unicore to move all the > project distributions on any other repository at this moment. > Nevertheless we will consider this in the future versions, but cannot > promise on any distribution right now. > > Best Regards, > > Shahbaz > > > On Sun, Mar 24, 2013 at 4:45 AM, Suresh Marru <[email protected]> wrote: >> Hi Shahbaz, >> >> As part of the Apache project practices, we have been trying to move away >> from any custom maven repos. For any 3rd party dependencies which are not >> available from maven central, sonatype provides a open source maven repo [1] >> which gets indexes to maven central [2]. >> >> Can you please consider adding Unicore dependencies to [1] so we can remove >> the need for having a 3rd party repo [3]? >> >> Thanks, >> Suresh >> >> [1] - >> https://docs.sonatype.org/display/Repository/Sonatype+OSS+Maven+Repository+Usage+Guide >> [2] - http://search.maven.org/ >> [3] - http://unicore-dev.zam.kfa-juelich.de/maven >> >> > > > ------------------------------------------------------------------------------------------------ > ------------------------------------------------------------------------------------------------ > Forschungszentrum Juelich GmbH > 52425 Juelich > Sitz der Gesellschaft: Juelich > Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 > Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher > Geschaeftsfuehrung: Prof. Dr. Achim Bachem (Vorsitzender), > Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, > Prof. Dr. Sebastian M. Schmidt > ------------------------------------------------------------------------------------------------ > ------------------------------------------------------------------------------------------------
