Sorry, for entering this late (too much travel makes it hard to keep
up-to-date)...
On Tue, Jul 8, 2008 at 9:38 PM, William A. Rowe, Jr.
[EMAIL PROTECTED] wrote:
Davanum Srinivas wrote:
I doubt we will get much help from the maven team to support this use
case. They would rather get the
On Mon, 2008-07-07 at 17:06 -0700, Roy T. Fielding wrote:
Yes, it would be nice if Maven was more secure, properly checked
signatures, and properly delegated namespaces so that third-parties
would be unable to add artifacts within other org's trees. None of
those issues are specific to
On Sat, Jul 12, 2008 at 4:14 PM, Paul Querna [EMAIL PROTECTED] wrote:
However, AFAIK, CPAN doesn't allow every CPAN author to overwrite the files
of every other CPAN author. Thats the situation we are in now with the
Maven Repository, because we just use the filesystem on people.apache.org as
On Fri, 2008-07-11 at 09:23 -0400, Jim Jagielski wrote:
And I am forced to agree as well... To be honest, I still at times
question exactly the relationship between the ASF and Maven is.
It's no surprise that Maven chomps at the bit quite a bit regarding
ASF policies, but values the Apache
On Jul 13, 2008, at 10:15 AM, Henning Schmiedehausen wrote:
On Fri, 2008-07-11 at 09:23 -0400, Jim Jagielski wrote:
And I am forced to agree as well... To be honest, I still at times
question exactly the relationship between the ASF and Maven is.
It's no surprise that Maven chomps at the bit
Jukka Zitting wrote:
Hi,
On Wed, Jul 9, 2008 at 8:46 PM, Paul Querna [EMAIL PROTECTED] wrote:
Noel J. Bergman wrote:
[...] Until the Maven PMC stops abrogating its responsibility and addresses
the issues, there does not appear to be anything that we can do about
Maven's flaws short of banning
On Jul 9, 2008, at 12:16 PM, Noel J. Bergman wrote:
I am forced to agree with Roy on these points. Until the Maven PMC
stops
abrogating its responsibility and addresses the issues, there does not
appear to be anything that we can do about Maven's flaws short of
banning
use of the public
On Jul 7, 2008, at 11:06 PM, Daniel Kulp wrote:
Again, Are u stating that removing this restriction would have
reduced
the time taken to graduate from 2 years to 1 year?
We'll never know. It certainly affected some of the features we
concentrated on and thus may or may not have
Hi Jim,
It's no surprise that Maven chomps at the bit quite a bit regarding
ASF policies, but values the Apache brand enough to tow the
line.
Did you mean Maven as Maven repo deployed @Apache or Maven the
PMC? As Noel was talking specifically about the PMC. We can certainly
ban Maven repo
On Jul 11, 2008, at 9:40 AM, Andrus Adamchik wrote:
Hi Jim,
It's no surprise that Maven chomps at the bit quite a bit regarding
ASF policies, but values the Apache brand enough to tow the
line.
Did you mean Maven as Maven repo deployed @Apache or Maven the
PMC? As Noel was talking
but I don't think ASF policies apply to the architecture decisions
(good or bad) and development direction of any given project.
They don't. Sorry if that wasn't clear :)
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For
The two are different things. I agree about the technical problem (and
can add a dozen of other Maven-related things that drive me crazy as a
user). I don't agree that ignoring this problem by the Maven folks
constitutes a violation of some Apache policy. So let's approach it in
an open
On Jul 11, 2008, at 5:04 PM, Jim Jagielski wrote:
but I don't think ASF policies apply to the architecture decisions
(good or bad) and development direction of any given project.
They don't. Sorry if that wasn't clear :)
Yep. That's where I was getting. You can ignore my last message
2008/7/11 Jim Jagielski [EMAIL PROTECTED]:
But we could also say the fact that CXF is in the Incubator also
prevented people from migrating, or discouraged attracting
committers...
I've heard that stated before and I think it's something the podlings
should be keeping in mind.
IMO, the
Hi Jim,
2008/7/11 Jim Jagielski [EMAIL PROTECTED]:
And I am forced to agree as well... To be honest, I still at times
question exactly the relationship between the ASF and Maven is.
It's no surprise that Maven chomps at the bit quite a bit regarding
ASF policies, but values the Apache brand
2008/7/12 Andrus Adamchik [EMAIL PROTECTED]:
So let's approach it in an open source way
- try to persuade Maven committers to pay attention and/or contribute the
code to fix the problem.
Thanks Andrus - this is certainly the best thing anyone can do. It's
unfortunate that there hasn't been
On Jul 11, 2008, at 12:07 PM, Brett Porter wrote:
Hi Jim,
2008/7/11 Jim Jagielski [EMAIL PROTECTED]:
And I am forced to agree as well... To be honest, I still at times
question exactly the relationship between the ASF and Maven is.
It's no surprise that Maven chomps at the bit quite a bit
Roy T. Fielding wrote:
There is no reason for a separate repository. [A separate repo] does not
help protect users from incubator code, since users don't set the Maven
configs that define which repos to use and which modules are dependencies.
At best, what it does is add an irrelevant
I think that I am in a unique position to comment on this
question. I am sure there are a lot of legal things and the Maven
repository that can be pointed to as reasons why not to have an
Incubator but I have been very pleased with the fact that Apache
*does* have the Incubator. It has been
Noel J. Bergman wrote:
Roy T. Fielding wrote:
There is no reason for a separate repository. [A separate repo] does not
help protect users from incubator code, since users don't set the Maven
configs that define which repos to use and which modules are dependencies.
At best, what it does is
Angela Cymbalak wrote:
I think that I am in a unique position to comment on this question. I
am sure there are a lot of legal things and the Maven repository that
can be pointed to as reasons why not to have an Incubator but I have
been very pleased with the fact that Apache *does* have the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Happy to confirm it was indeed a rant :) Just wanted folks to see all points of
view before they cast their vote.
Especially to at least understand why a particular feature was in place and
think thru the pros and cons.
thanks,
dims
William A.
Noel J. Bergman wrote:
Roy T. Fielding wrote:
There is no reason for a separate repository. [A separate repo] does not
help protect users from incubator code, since users don't set the Maven
configs that define which repos to use and which modules are dependencies.
At best, what it does is
On Mon, Jul 7, 2008 at 10:09 PM, Davanum Srinivas [EMAIL PROTECTED] wrote:
Isn't it just a IP Clearance SVN now once people have their way with
no distinction at all between incubator and non-incubator code?
What incentives are there left to graduate? How come a little bit of
pain that makes
Jochen Wiedmann wrote:
On Wed, Jul 9, 2008 at 6:16 PM, Noel J. Bergman [EMAIL PROTECTED] wrote:
However, the Maven repository situation has little to do with the need for
an Incubator.
Obviously you choose to pick out everying Ron's writing about the
flaws in Maven / the Maven repository
Hi,
On Wed, Jul 9, 2008 at 8:46 PM, Paul Querna [EMAIL PROTECTED] wrote:
Noel J. Bergman wrote:
[...] Until the Maven PMC stops abrogating its responsibility and addresses
the issues, there does not appear to be anything that we can do about
Maven's flaws short of banning use of the public
Jukka,
fwiw. My objection(s) had nothing to do with security.
thanks,
dims
On Wed, Jul 9, 2008 at 6:25 PM, Jukka Zitting [EMAIL PROTECTED] wrote:
Hi,
On Wed, Jul 9, 2008 at 8:46 PM, Paul Querna [EMAIL PROTECTED] wrote:
Noel J. Bergman wrote:
[...] Until the Maven PMC stops abrogating its
Hi,
On Thu, Jul 10, 2008 at 2:42 AM, Davanum Srinivas [EMAIL PROTECTED] wrote:
fwiw. My objection(s) had nothing to do with security.
I was just responding to comments by Noel and Paul. Sorry for the tangent.
BR,
Jukka Zitting
On 9-Jul-08, at 4:42 PM, William A. Rowe, Jr. wrote:
Jochen Wiedmann wrote:
On Wed, Jul 9, 2008 at 6:16 PM, Noel J. Bergman [EMAIL PROTECTED]
wrote:
However, the Maven repository situation has little to do with the
need for
an Incubator.
Obviously you choose to pick out everying Ron's
Understood. Taking a bit out of the email:
Such a dependency might be made somewhat invisible by transitive
dependencies on incubating projects, but the problem is exactly the
same if a non-incubating project depends on GPL stuff transitively.
That's a Maven problem, not an incubator problem.
Bertrand,
Facts:
- We have 11 failures so far in the incubator
(http://incubator.apache.org/projects/index.html)
- We have had G PMC pick up the code from a failed incubation (Yoko)
- We have disclaimers all over the place
(http://incubator.apache.org/guides/branding.html)
Any PMC that ships
Hi Dims,
On Tue, Jul 8, 2008 at 12:25 PM, Davanum Srinivas [EMAIL PROTECTED] wrote:
...Any PMC that ships incubator developed code is responsible for what
happens when a community does not form around the code base used. Any
one outside Apache that ships incubator code should be totally aware
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ok. Next we get rid of disclaimers everywhere? What purpose does that serve?
- -- dims
Bertrand Delacretaz wrote:
| Hi Dims,
|
| On Tue, Jul 8, 2008 at 12:25 PM, Davanum Srinivas [EMAIL PROTECTED] wrote:
|
| ...Any PMC that ships incubator
On Tue, Jul 8, 2008 at 1:56 PM, Davanum Srinivas [EMAIL PROTECTED] wrote:
...Ok. Next we get rid of disclaimers everywhere? What purpose does that
serve?...
I don't see why we would get rid of disclaimers.
-Bertrand
Bertrand Delacretaz wrote:
| Hi Dims,
|
| On Tue, Jul 8, 2008 at 12:25
if one set of users never see them, why should everyone else?
-- dims
On Tue, Jul 8, 2008 at 8:18 AM, Bertrand Delacretaz
[EMAIL PROTECTED] wrote:
On Tue, Jul 8, 2008 at 1:56 PM, Davanum Srinivas [EMAIL PROTECTED] wrote:
...Ok. Next we get rid of disclaimers everywhere? What purpose does that
Davanum Srinivas wrote:
So can we figure out another way to make the end user make a conscious
decision?
I doubt we will get much help from the maven team to support this use
case. They would rather get the central repo and get it done! What
bugs me is that in this whole discussion, no one
On Jul 7, 2008, at 5:21 PM, Roy T. Fielding wrote:
On Jul 7, 2008, at 5:01 PM, Justin Erenkrantz wrote:
Apache isn't about 'community over code'. The code is just as
important - if not more so. For Incubator releases, the releases
aren't held to the same legal standard as releases from
Craig L Russell wrote:
On Jul 7, 2008, at 5:21 PM, Roy T. Fielding wrote:
On Jul 7, 2008, at 5:01 PM, Justin Erenkrantz wrote:
Apache isn't about 'community over code'. The code is just as
important - if not more so. For Incubator releases, the releases
aren't held to the same legal
Roy T. Fielding wrote:
Justin Erenkrantz wrote:
For Incubator releases, the releases aren't held to the same legal
standard
as releases from other PMCs.
Huh? The only difference I know of is the possible presence
of external dependencies on LGPL code, which is not a legal
question at
Sorry...Need to take this off my chest before the official VOTE.
Looking at the maven repo thread, begs the question. Do we really need
an incubator?
Isn't it just a IP Clearance SVN now once people have their way with
no distinction at all between incubator and non-incubator code?
What
On Jul 7, 2008, at 5:09 PM, Davanum Srinivas wrote:
Sorry...Need to take this off my chest before the official VOTE.
Looking at the maven repo thread, begs the question. Do we really need
an incubator?
Isn't it just a IP Clearance SVN now once people have their way with
no distinction at all
Hi,
On Tue, Jul 8, 2008 at 12:09 AM, Davanum Srinivas [EMAIL PROTECTED] wrote:
Sorry...Need to take this off my chest before the official VOTE.
Good, thanks! It's best to have all relevant points discussed before voting.
I'll wait at least a week after the last message on a related thread
Dan,
Seriously, Can you please give me one concrete instance where a user
gave up because it was too hard?
Again, Are u stating that removing this restriction would have reduced
the time taken to graduate from 2 years to 1 year?
We are *NOT* here to rubber stamp external code. Which is what we
Jukka,
Yes, this is related. But i think folks have made up their mind about
the repo. this is about the role of the incubator itself which is
becoming over cumbersome and meaningless to many folks...
thanks,
dims
On Mon, Jul 7, 2008 at 6:22 PM, Jukka Zitting [EMAIL PROTECTED] wrote:
Hi,
On
Hi,
On Tue, Jul 8, 2008 at 12:09 AM, Davanum Srinivas [EMAIL PROTECTED] wrote:
What incentives are there left to graduate?
I don't think we have a problem with projects not graduating once
they're ready. Yes, we've had to prod some projects to take that step,
but generally that hasn't been an
On Mon, Jul 7, 2008 at 2:49 PM, Daniel Kulp [EMAIL PROTECTED] wrote:
So, my question is, if Apache is about Community over code, why are we
putting up barriers to getting the code if that is also creating barriers to
building the community?
Apache isn't about 'community over code'. The code
Dims, I have to disagree. The releases that we allow incubating
projects
to make, with three +1s and a majority approval, are full Apache
releases.
They have been officially approved by the foundation and we are 100%
responsible for their content. That's okay, because they also tend to
On Jul 7, 2008, at 5:01 PM, Justin Erenkrantz wrote:
Apache isn't about 'community over code'. The code is just as
important - if not more so. For Incubator releases, the releases
aren't held to the same legal standard as releases from other PMCs.
Huh? The only difference I know of is the
Roy,
I see what you are saying...
Do you agree that the intention is for the end user to pause for a
second to understand what he/she is using and understand that there
are some disclaimers etc that go along with a set of artifacts?
Yes. may be this is the wrong way to enforce that intention.
From what I have seen many of the incubator releases have been better
vetted than those
from graduated projects. So I don't buy the argument.
I also had to bite my tough on the maven thread.. I think it is mostly
BS to give Java an easy
route to publicity from inside incubator if no other
Roy,
I've created a JIRA here on the securing the artifacts request :
http://jira.codehaus.org/browse/MNG-3659
Thanks,
dims
PS: Seriously why can't the mvn issue tracker be inhouse and not at codehaus? :(
On Mon, Jul 7, 2008 at 8:06 PM, Roy T. Fielding [EMAIL PROTECTED] wrote:
Dims, I have to
On Mon, Jul 7, 2008 at 5:21 PM, Roy T. Fielding [EMAIL PROTECTED] wrote:
Huh? The only difference I know of is the possible presence
of external dependencies on LGPL code, which is not a legal
question at all. All legal issues are satisfied before we
even let the code be imported, let alone
On Jul 7, 2008, at 6:59 PM, Davanum Srinivas wrote:
Dan,
Seriously, Can you please give me one concrete instance where a user
gave up because it was too hard?
It falls into a few situations:
1) Without stuff in the main repo, you cannot do plugins that do
things similar to the mvn
Please see below:
On Mon, Jul 7, 2008 at 11:06 PM, Daniel Kulp [EMAIL PROTECTED] wrote:
On Jul 7, 2008, at 6:59 PM, Davanum Srinivas wrote:
Dan,
Seriously, Can you please give me one concrete instance where a user
gave up because it was too hard?
It falls into a few situations:
1)
Hi Dims,
On Mon, Jul 7, 2008 at 11:09 PM, Davanum Srinivas [EMAIL PROTECTED] wrote:
Sorry...Need to take this off my chest before the official VOTE.
Thanks for this.
...Looking at the maven repo thread, begs the question. Do we really need
an incubator?
Isn't it just a IP Clearance SVN now
55 matches
Mail list logo