On Fri, Jul 25, 2014 at 7:06 AM, Vincent Hennebert <vhenneb...@gmail.com> wrote: > there's an undergoing debate in the XML Graphics project about doing > a release that has a dependency on a snapshot version of another > (Apache, for that matter) project. > > I know there's a policy at Apache to not release a project that has > non-released dependencies. The problem is, I don't know how I know > that... I cannot seem to be able to find any official documentation that > explicitly states it. > > The following link: http://www.apache.org/dev/release.html#what is > apparently not convincing enough. I'm answered that this concerns our > own project but that it's fine to do an official release containing > a snapshot binary. > > Saying that every binary artefact has to be backed by source code and > that, in the case of a snapshot, we have to point to some Subversion > revision number, is apparently not convincing enough either. Despite the > obvious dependency nightmare that that would cause to users (and, in > particular, Maven users and Linux distributions). > > Does anybody have any official reference to point at, that I may have > missed? More convincing arguments, legal reasons (should I forward to > legal-discuss@)?
There are many topics on which only guidelines exist. In my opinion as an ASF member, this is not one of them. http://www.apache.org/dev/release-publishing.html#what > the fundamental requirement for a release is that it consist > of the necessary source code to build the project That doesn't just mean building the project at the moment. It means 3 or 5 years down the road. Building against a snapshot isn't reproducible in the long term. If a user at some point cannot change a line of code in your release and recompile the code, you've failed to meet the release requirements. Again, having your release buildable from code is the *ONLY* requirement for a release (other than legally owning the code). You can publish a release which is completely non-functional and unsuitable for the purpose for which it was designed (we hope you will not), but you cannot publish a release which is not buildable from source. As for addressing the specific situation, In order to make an acceptable release against a snapshot, you would need to bundle a buildable version of the snapshot source code (ie, an internal "release" of that source code) as part of your release. However, since the dependency is on another ASF project, there's really no reason not to just get that other project to create an official release for you. --------------------------------------------------------------------- To unsubscribe, e-mail: community-unsubscr...@apache.org For additional commands, e-mail: community-h...@apache.org
