Hi Lewis, Did you build the snapshot jar yourself? If not, where did you get it? Are you bundling the compiled jar with your distribution?
It would be much better to either upgrade to a released version (the best alternative) or if that is too painful, grab the sources, repackage them and incorporate the source into your distro. It looks like there is a revision number in the snapshot jar name, so you could probably recover the source by checking out the revision it refers to. The problem with depending on (and I assume distributing) an unreleased snapshot jar is you can't be sure what is in it and keeping the package name also makes it effectively a release of the snapshotted component, which was not voted by the owning PMC, which is a no-no (see below). Pulling in and repackaging the sources makes it clear what is going on and also gives users access to the source. Or better, just upgrade to a released version. In terms of policy, see the section in [1] on "Distribution of unreleased materials." If you bundle the unreleased jar, you are violating this policy. If you incorporate the source, included it in your distribution and release it, then *you* are releasing it, which is OK, though repackaging should be done in this case to avoid confusion with source and artifacts from the other PMC. Phil [1] http://www.apache.org/dev/release-distribution.html On 2/8/18 11:26 AM, lewis john mcgibbney wrote: > Hi Folks, > Over at Any23 [0], we have, for some time, been depending upon an old > SNAPSHOT of commons-csv which we host in SVN [1] and utilize in our POM [2]. > During a recent review process for our 2.2 release candidate, it was > pointed out that there may be an issue with this practice. > Can someone please point me towards documentation on this practice such > that we can determine if we need to fix the issue or if we can release the > candidate then fix for the next release? > Thank you kindly, > Lewis > > [0] http://any23.apache.org > [1] https://svn.apache.org/repos/asf/any23/repo-ext/ > [2] https://github.com/apache/any23/blob/master/pom.xml#L603-L606 > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
