Hello,
The GeoMesa project has been following these guidelines:
1. Any direct or transitive compile scope dependency require a full CQ
2. Any direct provided scope dependency requires a 'works-with' CQ
3. Any direct test scope dependencies require a single 'test' CQ
4. Any transitive provided or test dependencies can be disregarded for
IP purposes
Direct here means a top-level dependency declared in your pom,
transitive means that you don't declare it in your pom but it's brought
in by another dependency.
We don't track maven plugins. And AFAIK you need a new CQ even for a bug
fix version, but usually you can request an 'incremental' review (this
is less of an issue with license-only CQs).
If it's helpful, we wrote a bash script to generate our dependencies
using the maven dependency tree:
https://github.com/locationtech/geomesa/blob/master/build/calculate-cqs.sh
Thanks,
Emilio
On 11/23/19 4:09 AM, Christian Kaltepoth wrote:
Hi all,
I have a few questions about CQs, especially in the context of Maven
dependencies. I'm working on a guideline which I will publish in the
project wiki and which other committers of the project can use if they
want to add new dependencies.
I would love to get your feedback about whether the following
assumptions are correct.
* If the dependency is "test"-scoped, it is always a Test and Build
<https://wiki.eclipse.org/Development_Resources/IP/Test_and_Build_Dependencies>
dependency and therefore treated as a /workswith/.
* If the dependency is "provided"-scoped, it is only used at
build-time but not really "distributed" in any way. Instead, it
must be provided by the environment in which the corresponding
Eclipse project is used in. Such dependencies are therefore also
/workswith/.
* Dependencies which are "compile"-scoped are usually /prereq/
dependencies. However, if the dependency is part of some kind of
"optional addon module" of the Eclipse project and not part of the
"core functionality", it is /workswith/.
* Maven plugins are usually /workswith/.
* You can update to newer patch releases of a third-party dependency
without filing a new CQ. So in most cases it is fine to update
from something like 1.2.4 to 1.2.9, but not to 1.3.0. Of course
this only works the license of the dependency didn't change.
I would love to hear your thoughts.
Christian
--
Christian Kaltepoth
Blog: http://blog.kaltepoth.de/
Twitter: http://twitter.com/chkal
GitHub: https://github.com/chkal
_______________________________________________
incubation mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://www.eclipse.org/mailman/listinfo/incubation
_______________________________________________
incubation mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://www.eclipse.org/mailman/listinfo/incubation
