Geronimo had similar issues where they needed to include jars from other projects so that they could have a repeatable build process. Take for instance, a customer that is trying to build the project 10 years from now (unlikely but that is the thought).
They included the tar balls for Dojo in a place called repository which contained the artifacts in question. See the following reference: https://svn.apache.org/repos/asf/geronimo/server/tags/2.1.4/repository/org/dojotoolkit/dojo/1.0.2/ On Sep 16, 2010, at 2:12 PM, Josh Thompson wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Mentors: > > I have a question about bundling 3rd party software in the release artifact. > I'm planning to include the Dojo Toolkit in the artifact. It is released > under the Academic Free License. I've done what is needed with the LICENSE > and NOTICE files. > > What I can't find information about is if it should be added to subversion. > I > don't see a need to have it there. I was just planning on adding it in after > doing the svn export of the release tagged code. However, I seem to remember > something about the contents of the artifact needing to exactly match an > export of the release tag. > > So, do I need to add the Dojo Toolkit code to subversion or not? > > Thanks, > Josh > - -- > - ------------------------------- > Josh Thompson > Systems Programmer > Advanced Computing | VCL Developer > North Carolina State University > > josh_thomp...@ncsu.edu > 919-515-5323 > > my GPG/PGP key can be found at pgp.mit.edu > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.16 (GNU/Linux) > > iEYEARECAAYFAkySXisACgkQV/LQcNdtPQMd5gCcDtMxyiT/8DoNbgIvKprJLKdf > 3+UAnAkGB8WUWo48H2MH7UP8rzRMnABr > =n/0a > -----END PGP SIGNATURE-----