I mentioned this in another note but I'll repeat here to use your example. Where the binaries do live in a Maven repo and are versioned there is less of an issue and it becomes a convenience. A real challenge is what to do if your taking a "stable" copy of a project that doesn't have a versioned release? The only method I know of is to capture their source, and build a binary at a stable level to include in your projects release.
Matt Hogstrom m...@hogstrom.org A Day Without Nuclear Fusion Is a Day Without Sunshine On Mar 29, 2012, at 9:07 AM, Bertrand Delacretaz wrote: > On Thu, Mar 29, 2012 at 2:41 PM, Jukka Zitting <jukka.zitt...@gmail.com> > wrote: >> ...It seems like Roy is much more categorical about this. Assuming I >> understand his point correctly, *no* binary dependencies are >> acceptable within a source tarball. >> >> What I don't quite (yet) understand is how a reference like >> "junit:junit:4.10" to a download service maintained by a third party >> is more acceptable than directly including the referenced bits... > > I think the difference is that by saying "get junit:junit:4.10 to > build this" we put the burden on our users to make sure they get the > right bits, either by building them themselves from the junit sources, > or trusting whoever provides them. > > By shipping those bits ourselves instead, we would take the > responsibility on our shoulders, which we don't want. > > -Bertrand > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
