Hi Folks, Thank you to everyone that replied here. Some excellent guidance which I appreciate. In resolution, we made the upgrade in Any23 https://issues.apache.org/jira/browse/ANY23-264 I think we will most likely drop the release candidate, spin a new one and get back to VOTE'ing. Thank you Lewis
On 2018/02/08 20:52:15, Phil Steitz <phil.ste...@gmail.com> wrote: > Hi Lewis, > > Did you build the snapshot jar yourself? If not, where did you get > it? Are you bundling the compiled jar with your distribution? > > It would be much better to either upgrade to a released version (the > best alternative) or if that is too painful, grab the sources, > repackage them and incorporate the source into your distro.  It > looks like there is a revision number in the snapshot jar name, so > you could probably recover the source by checking out the revision > it refers to. The problem with depending on (and I assume > distributing) an unreleased snapshot jar is you can't be sure what > is in it and keeping the package name also makes it effectively a > release of the snapshotted component, which was not voted by the > owning PMC, which is a no-no (see below). Pulling in and > repackaging the sources makes it clear what is going on and also > gives users access to the source. Or better, just upgrade to a > released version. > > In terms of policy, see the section in [1] on "Distribution of > unreleased materials." If you bundle the unreleased jar, you are > violating this policy. If you incorporate the source, included it > in your distribution and release it, then *you* are releasing it, > which is OK, though repackaging should be done in this case to avoid > confusion with source and artifacts from the other PMC. > > Phil > > [1] http://www.apache.org/dev/release-distribution.html > > On 2/8/18 11:26 AM, lewis john mcgibbney wrote: > > Hi Folks, > > Over at Any23 [0], we have, for some time, been depending upon an old > > SNAPSHOT of commons-csv which we host in SVN [1] and utilize in our POM [2]. > > During a recent review process for our 2.2 release candidate, it was > > pointed out that there may be an issue with this practice. > > Can someone please point me towards documentation on this practice such > > that we can determine if we need to fix the issue or if we can release the > > candidate then fix for the next release? > > Thank you kindly, > > Lewis > > > > [0] http://any23.apache.org > > [1] https://svn.apache.org/repos/asf/any23/repo-ext/ > > [2] https://github.com/apache/any23/blob/master/pom.xml#L603-L606 > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org