On 11/4/11 7:28 AM, Alexander Kurtakov wrote: > On 13:04:06 Friday 04 November 2011 Stephen Connolly wrote: >> On 4 November 2011 10:22, Benjamin Bentmann <[email protected]> > wrote: >>> David Jencks wrote: >>>> Another month went by.... any progress? >>> >>> The sources were checked into git according to parallel IP, awaiting full >>> legal approval. Some dependencies still await review [0], too. >> >> Any idea what's needed to prod the process along... never having been >> involved at eclipse before, this seems like a rather long process with >> no visibility (as far as I can see) as to what is taking place and >> where the blockers are > > Eclipse IP team is going through every single dependency (even test ones) and > checks that they have proper license and so on. And Maven projects tend to > have so many dependencies that this is only slowing the process. Note that > different version of e.g. plexus-utils have to be examined separately because > something can sneak in. And a number of plexus artifacts are missing license > information in a number of places (just an example). > Please note that this is a problem not only for Eclipse but for others too. > We > (Fedora) have opened a number of issues to get licencing clarified in so many > places that I can't count them only for maven+plugins dependencies. > Another thing is the usage of outdated and obsoleted versions in a number of > artifacts which have to reviewed separately despite them being dead for long > time. Btw, this is part of the usual complain that Maven downloads the > Internet because for certain artifacats usual "clean install" downloads more > than 5 versions with all of their dependencies. This is certainly a burden > for > every IP clearance review.
If only the review could be distributed, and the dependencies be published with some sort of signature pre-certifying them. But I guess that would amount to Eclipse (and others...Fedora?) trusting the certifications coming from an outside entity. It seems a tad wasteful to have multiple entities doing the same thing in parallel, and it's definitely sub-optimal to have this sort of bottleneck develop just before a release happens. > > Alexander Kurtakov > >> >>> Benjamin >>> >>> >>> [0] >>> http://www.eclipse.org/projects/ip_log.php?projectid=technology.aether >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > -- John Casey Developer, PMC Chair - Apache Maven (http://maven.apache.org) Blog: http://www.johnofalltrades.name/ --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
