incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carl Trieloff <>
Subject Re: Quick project submission question
Date Wed, 08 Sep 2010 15:20:18 GMT
On 09/08/2010 11:06 AM, Scott Wilson wrote:
> On 8 Sep 2010, at 15:40, Carl Trieloff wrote:
>> >  On 09/08/2010 10:29 AM, Scott Wilson wrote:
>>> >>  On 8 Sep 2010, at 15:13, Carl Trieloff wrote:
>>> >>  
>>> >>  
>>>> >>>  What is the view of having a project in Apache that pulls substantial
>>>> >>>  that are licensed under ASL as dependencies into the code base.
I.e. not coping the
>>>> >>>  code, but using components that have been built and maintained
elsewhere under ASL
>>>> >>>  but used as dependencies for running.
>>>> >>>  
>>>> >>>  I assume this is not an issue, based in the info posted on
use of licenses -- however I'm
>>>> >>>  interested in understand if others have had positive or negative
experiences with such
>>>> >>>  a case.
>>>> >>>  
>>> >>  Hi Carl,
>>> >>  
>>> >>  Wookie has been using Ivy[1] to pull in external dependencies as part
of the build process. It took a bit of initial effort to get right, but now works really nicely,
and makes it much easier to track external libraries and check their licenses are compatible.
 You can also distinguish between dependencies that are needed for development, for building,
and for distribution and downstream reuse. There is an Eclipse plugin for Ivy that works pretty
well too.
>>> >>  
>>> >>  The only vaguely negative thing I found was the initial challenge of
getting the hang of how Ivy works, but we had good help from other community members and from
our mentors on that.
>>> >>  
>>> >>  [1]
>>> >>  
>>> >>  - Scott
>>> >>  
>>> >>  
>> >  
>> >  Scott,
>> >  
>> >  Do you see any negative sides from the community perspective with the dependencies
that or from projects
>> >  outside of Apache?
>> >  
>> >  Carl.
> I think it depends on the nature of the project you depend on. For the most part these
are pretty mature, commonly used libraries.
> However in one case we did have the issue that we had a problem that was caused by a
bug in a dependency (HtmlCleaner) where it wasn't very clear from the website whether the
project was still active (patches not applied, no recent commits etc). In the end I just asked
nicely on their tracker if it could be fixed, waited patiently, and eventually it was:-)
> I can imagine there might be problems if you got into a blame game with upstream projects,
or where there is a combination of a big culture difference plus an unstable codebase. I think
the answer is to evaluate dependencies from a community and sustainability viewpoint, not
just a functional one.

Thanks, the libs in question are mature and still actively maintained, 
this was helpful.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message