Hi, On Wed, Feb 27, 2013 at 5:48 PM, Andy Seaborne <[email protected]> wrote:
> On 27/02/13 14:41, Sebastian Schaffert wrote: > >> Hi all, >> >> following Andy's advice and an internal discussion here with the Stanbol >> people, I suggest to proceed towards the release as follows: >> - I will replace c3p0 beginning of next week with the tomcat JDBC >> connection manager >> - we configure all optional modules with inappropriate dependencies >> (ldclient-provider-ldap, mysql tests, ...) so they are only built when a >> certain maven profile is active; in this way we can avoid them getting >> deployed anywhere while interested users can still build them themselves >> >> The only "big" task is replacing c3p0, but I expect it to take no longer >> than a day. :) >> >> Greetings, >> >> Sebastian >> > > Fabian, Nandana - I've not had to deal with optional dependencies. Do > either of you know if this is OK? I also didn't have to deal with optional dependencies in the past but it seems these issues have to dealt case by case checking whether they fully optional, clearly marked, and easily removed. In general, the libraries which are referenced indirectly (i.e. via standard API like JDBC and not referenced via imports in the source code), fully optional with other alternatives and not included in the distribution are ok. As mentioned by Sebastian, LEGAL-21 gives the OK for mysql dependency under aforementioned conditions. But I think it is not the same for the UnboundID LDAP SDK in our case. There are a direct imports of that library in the ldclient-provider-ldap module. So I am not sure removing those modules from the build using a profile will solve the issue. Will the release contain source distributions of those modules ? In any case, the ldclient-provider-ldap module will remain in the Apache source repository. So IMHO, the best thing would be to clarify this concrete case with Apache legal as that is what we have been asked to do when we are in doubt. LEGAL-160 does not cover including it as an optional module. The other option would be to migrate to Apache LDAP if it is feasible. For Javassist / JBoss Logging, I assume you are moving to the versions that were released under AL so there won't be any issues. Best Regards, Nandana
