I'm not demanding the assembly ... It was just the last missing part in the migration to Maven. Most ASF projects provide such convenience binary archives, but an ASF release is the source only anyway.
I admit that your script would do the job. Another thing worth looking into might be the Maven wrapper, which would eliminate the need to download Maven, as someone not wanting to use Maven would have to install Maven in order to NOT use it afterwards ;-) ... Users using Maven wouldn't use the script. Chris Von meinem Samsung Galaxy Smartphone gesendet. -------- Ursprüngliche Nachricht -------- Von: Dale LaBossiere <dlab...@apache.org> Datum: 11.07.17 21:29 (GMT+01:00) An: dev@edgent.apache.org Betreff: maven and distribution bundles with transitive deps: licensing¬ice Hi, Can’t we eliminate releasing binary bundles containing transitive deps and in doing so eliminate a huge amount of licensing/notice pain for us? But still supply what users need. As I understand it / ASF policy, the newly generated distribution bundles lack the necessary license/notice info for transitive deps contained in the bundle. That’s what the binary-release/LICENSE and licenses/binary-release/* was all about (included in the gradle generated binary bundles). Justin indicated we needed to have full copies of license/notice text not just URLs to it (since the URL may have different text at a later date that doesn’t match that text applicable for the contained deps). I see the new distribution stuff also generates edgent-distribution-<ver>.jar. Its META-INF/DEPENDENCIES has a nice listing of all the transitive deps license info but it’s (a) just URLs to licenses, (b) lacks any notice info, and (c) isn’t included in the generated binary release bundle. Maybe I just don’t understand how this is supposed to work. Not releasing a binary bundle also eliminates validation/testing of it. My hope was that viable / better alternative is to provide an easy way for users themselves to get the Edgent jars and transitive external deps themselves from maven-central (or any maven repo). Presumably we'd just need to tell the user something like: “This command retrieves the Edgent jars and their transitive external dependencies. The external dependencies come with their own licensing terms that you should review. A summary of the transitive dependencies and their licenses can be found here <url to something like the info in the aforementioned META-INF/DEPENDENCIES and/or binary-release/LICENSING file>. Continue? <yes|no>” That’s what get-edgent-jars.sh (https://paste.apache.org/p/GI0n <https://paste.apache.org/p/GI0n>) was working towards. Is this making sense / compelling / a valid and (sufficiently) user friendly approach? To clarify for all, this tool (equivalently a binary bundle) is only needed by Edgent users that don’t use maven/maven-repo enabled app development tools or that don’t use those tools to generate a standalone “über jar” for their Edgent app to deploy to their edge device. — Dale
