Shouldn't be a problem. Just a question of somebody doing

$ mvn dependency:tree -pl war

On Jenkins having made sure they are using a version of dependency plugin that works with the version of maven they are using (afaik the very latest now has dependency:tree working on maven 3)

And then verifying that for each and every dependency listed, the source code is available

If we hit any with missing source we just bump versions until we have the source somewhere

Donkey work. Not a big problem. Just a verification exercise.

Of course IANAL and we might want one to check my understanding

On Wednesday, 14 November 2012, Les Mikesell wrote:

> On Wed, Nov 14, 2012 at 10:35 AM, Stephen Connolly
> <stephen.alan.conno...@gmail.com> wrote:
> > Well there is also the issue of the licensing change in svnkit. I am not
> > sure that somebody has validated that all 3rd party dependencies of Jenkins
> > have their source bundles available, which could make it problematic to
> > upgrade to svnkit versions with the viral license.
> >
> > Of course Jenkins itself is OSS, so in principle there are no issues for
> > Jenkins. But there is the question of do the specific versions of all 3rd
> > party dependencies bundles within jenkins.war have source bundles. I am sure
> > there are source bundles or SCM URLs for a version of all our 3rd party
> > dependencies, but whether they match the exact version we ship... that is
> > where the viral license could cause issues. IANAL and this should really be
> > tabled for the next governance meeting
>
> If this is going to be an issue, will someone work on a plugin to use
> native svn code to replace it? We do have occasional issues with
> developers visiting jenkin's workspaces with a 1.7 svn/tortoise and
> breaking them. I'd guess that would be a common problem now.
>
> --
> Les Mikesell
> lesmikes...@gmail.com