On May 23, 2009, at 10:50 PM, Santiago Gala wrote:
>>> Is it that we have identified a new issue that actually affects
>>> _all_ Maven based releases, not just Shindig?
>>
>> No not necessarily. You can use maven to produce binary releases that
>> have all the required legal details inside of them; it just isn't
>> automatically taken care of.
>
> Not that I want to mud the waters even more,
you failed :)
> but how does the word "binary" vs source affects the code that is
> both binary and source?
N/A.
I'll try and be even more specific - the point _in this case_ is that
by default a _maven-style_ binary release will _typically_ embed third-
party dependencies in the binary distribution package (i.e. for
shindig the .war contains non-apache .jars), while a _maven-style_
source release will _typically_ embed only things already found in the
source repository (i.e. for shindig third party .jars are not included
in the source tarball).
> Substantial parts of shindig are ecmascript and php. In fact a release
> of shindig-php that does not contain *any* binary that is not source
> at
> the same time is a very realistic thought.
>
> Would this hypothetical release be considered source or binary?
Source.
> I ask because it is clear that there are different requirements to
> both.
Not really (from the legal side) -- released artifacts have to contain
all the right legal details in all the right places for everything
that they contain. This is always true - whether the release is
"binary", "source", "runnable source", "mixed" or "yo mamma's".
cheers,
- Leo
|