Thanks for the updates Sravya, looks good. Yes, we should document the dependencies someplace putting them on a wiki is probably okay for now, but it will likely change fairly frequently. Would be good to have some automation around this - the Maven dependency plugin has support for generating a report on all dependencies: https://maven.apache.org/plugins/maven-dependency-plugin/analyze-report-mojo.html
Example output: https://hadoop.apache.org/docs/stable/hadoop-project-dist/hadoop-common/dependency-analysis.html We should consider doing something similar. Thanks, Lenni On Fri, Jan 22, 2016 at 4:54 PM, Sravya Tirukkovalur <[email protected]> wrote: > Thanks Lenni for your feedback! Added some data points (links) to the doc. > > For the external dependencies, here is the list I got using "mvn clean > dependency:list -DexcludeTransitive=true" and doing some cleaning up for > duplicates: > > ant-contrib > > cglib > > com.google.guava > > com.jolbox > > commons-cli > > commons-lang > > commons-logging > > io.dropwizard.metrics > > javax.jdo > > joda-time > > junit > > log4j > > org.apache.commons > > org.apache.curator > > org.apache.derby > > org.apache.hadoop > > org.apache.hive.hcatalog > > org.apache.hive > > org.apache.pig > > org.apache.sentry > > org.apache.shiro > > org.apache.solr > > org.apache.sqoop > > org.apache.thrift > > org.apache.zookeeper > > org.datanucleus > > org.easymock > > org.easytesting > > org.eclipse.jetty > > org.hamcrest > > org.mockito > > org.objenesis > org.slf4j > > I do not see anything except for junit in our proposal document. I think we > should document these dependencies and their licenses some where? > > Thanks! > > On Wed, Jan 20, 2016 at 4:41 PM, Lenni Kuff <[email protected]> wrote: > > > Hi Sravya, > > Thanks for putting together this document, it's very useful. With respect > > to your comments: > > > > 1) Dependencies - Not sure if there is a better way, but you can run > > something like: > > *>* *mvn clean dependency:list -DexcludeTransitive=true* > > to get a listing of all the current dependencies specified in the > > project. > > > > > > 2) Only comments in the doc are to point out links to backup your point > > where relevant. > > > > Thanks, > > Lenni > > > > On Wed, Jan 20, 2016 at 2:53 PM, Sravya Tirukkovalur < > [email protected]> > > wrote: > > > > > Hello all, > > > > > > Bumping up this thread after the holiday season. Please take a look and > > > provide feedback. > > > > > > Also I updated the doc to capture the vote for Committer == PPMC. > > > > > > I still have one outstanding question: > > > - How do projects usually keep track of list of external dependencies > for > > > license checking? Is it just reading through the maven pom file? Or is > > > there a standard way? > > > > > > I think I figured the answer for this question - What is the source of > > > truth for ICLAs? How do we double check all new committers have ICLAs > > > filed? > > > - Members with ICLAs filed and in Sentry group should appear here: > > > http://people.apache.org/committers-by-project.html#sentry > > > > > > On Fri, Nov 27, 2015 at 10:25 PM, Sravya Tirukkovalur < > > [email protected] > > > > > > > wrote: > > > > > > > Hi folks, > > > > > > > > Here is the initial draft of Sentry maturity assessment: > > > > > > > > > > https://cwiki.apache.org/confluence/display/SENTRY/Sentry+maturity+assessment > > > > > > > > Mentors & community members: Your feedback is valuable here. Looking > > > > forward to constructive criticism if any, which can help the Sentry > > > > community and its graduation. > > > > > > > > Also, I had a couple quick questions while drafting this. > > > > 1. How do projects usually keep track of list of external > dependencies? > > > Is > > > > it just reading through the maven pom file? Or is there a standard > way? > > > > 2. What is the source of truth for ICLAs? How do we double check all > > new > > > > committers have ICLAs filed apart from reading through the private > mail > > > > archives? > > > > > > > > Regards, > > > > -- > > > > Sravya Tirukkovalur > > > > > > > > > > > > > > > > -- > > > Sravya Tirukkovalur > > > > > > > > > -- > Sravya Tirukkovalur >
