[
https://issues.apache.org/jira/browse/SOLR-3405?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13263220#comment-13263220
]
Jan Høydahl commented on SOLR-3405:
-----------------------------------
{quote}
bq. It's been too easy to include questionable libs or non-released libs, and
that's the real problem if you ask me. So publishing to mvn-repo actually keeps
us accountable in legally being good Apache citizens as well as shipping higher
quality, more stable stuff.
Thats bullshit. Being in maven repositories doesn't make anything more legal.
{quote}
I'm not saying that. I'm saying that *a positive side effect* of publishing
*all* our release artifacts to a broader public is that it helps detect bad and
hacky practices in our own code. If we feel we need to hide the truth about our
dependencies or build artifacts then it is better to put a bright light on why
than shuffling things underneath a carpet.
Once in a while we judge that it may still be more gain than pain to include
some unreleased lib or a patched version of a lib in our distro (after having
first tried to get it fixed upstream) and that's fine with me; if repackaging
properly under new namespace and include this as a (temporary) custom
dependency, both in our binary distro and therefore also in maven-repos. But we
should try to replace these custom deps by official release versions when
possible.
> maven artifacts should be equivalent to binary packaging
> --------------------------------------------------------
>
> Key: SOLR-3405
> URL: https://issues.apache.org/jira/browse/SOLR-3405
> Project: Solr
> Issue Type: Task
> Components: Build
> Reporter: Robert Muir
> Fix For: 4.1
>
>
> Lets take the commons-csv scenario:
> * apache-solr-3.5.0 binary distribution contains no actual commons-csv.jar
> anywhere,
> in fact it contains no third party jars (the stuff present in solr/lib) at
> all.
> * binary distribution contains only the jars necessary for *solrj* and
> *contrib plugins*, and a solr.war
> I think the maven artifacts should match whats in the binary release (no
> third party jars
> inside the .war are "exposed", we just publish the .war itself). This exposes
> a lot less surface area.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
