Hi Folks,
Thank you to everyone that replied here. Some excellent guidance which I 
In resolution, we made the upgrade in Any23 
I think we will most likely drop the release candidate, spin a new one and get 
back to VOTE'ing.
Thank you

On 2018/02/08 20:52:15, Phil Steitz <phil.ste...@gmail.com> wrote: 
> Hi Lewis,
> Did you build the snapshot jar yourself?  If not, where did you get
> it?  Are you bundling the compiled jar with your distribution?
> It would be much better to either upgrade to a released version (the
> best alternative) or if that is too painful, grab the sources,
> repackage them and incorporate the source into your distro.   It
> looks like there is a revision number in the snapshot jar name, so
> you could probably recover the source by checking out the revision
> it refers to. The problem with depending on (and I assume
> distributing) an unreleased snapshot jar is you can't be sure what
> is in it and keeping the package name also makes it effectively a
> release of the snapshotted component, which was not voted by the
> owning PMC, which is a no-no (see below).  Pulling in and
> repackaging the sources makes it clear what is going on and also
> gives users access to the source.  Or better, just upgrade to a
> released version.
> In terms of policy, see the section in [1] on "Distribution of
> unreleased materials."  If you bundle the unreleased jar, you are
> violating this policy.  If you incorporate the source, included it
> in your distribution and release it, then *you* are releasing it,
> which is OK, though repackaging should be done in this case to avoid
> confusion with source and artifacts from the other PMC.
> Phil
> [1] http://www.apache.org/dev/release-distribution.html
> On 2/8/18 11:26 AM, lewis john mcgibbney wrote:
> > Hi Folks,
> > Over at Any23 [0], we have, for some time, been depending upon an old
> > SNAPSHOT of commons-csv which we host in SVN [1] and utilize in our POM [2].
> > During a recent review process for our 2.2 release candidate, it was
> > pointed out that there may be an issue with this practice.
> > Can someone please point me towards documentation on this practice such
> > that we can determine if we need to fix the issue or if we can release the
> > candidate then fix for the next release?
> > Thank you kindly,
> > Lewis
> >
> > [0] http://any23.apache.org
> > [1] https://svn.apache.org/repos/asf/any23/repo-ext/
> > [2] https://github.com/apache/any23/blob/master/pom.xml#L603-L606
> >
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org

To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
For additional commands, e-mail: dev-h...@community.apache.org

Reply via email to