On May 23, 2009, at 10:50 PM, Santiago Gala wrote:
Is it that we have identified a new issue that actually affects _all_ Maven based releases, not just Shindig?No not necessarily. You can use maven to produce binary releases that have all the required legal details inside of them; it just isn't automatically taken care of.Not that I want to mud the waters even more,
you failed :)
but how does the word "binary" vs source affects the code that is both binary and source?
N/A.I'll try and be even more specific - the point _in this case_ is that by default a _maven-style_ binary release will _typically_ embed third- party dependencies in the binary distribution package (i.e. for shindig the .war contains non-apache .jars), while a _maven-style_ source release will _typically_ embed only things already found in the source repository (i.e. for shindig third party .jars are not included in the source tarball).
Substantial parts of shindig are ecmascript and php. In fact a releaseof shindig-php that does not contain *any* binary that is not source atthe same time is a very realistic thought. Would this hypothetical release be considered source or binary?
Source.
I ask because it is clear that there are different requirements to both.
Not really (from the legal side) -- released artifacts have to contain all the right legal details in all the right places for everything that they contain. This is always true - whether the release is "binary", "source", "runnable source", "mixed" or "yo mamma's".
cheers, - Leo
smime.p7s
Description: S/MIME cryptographic signature
