You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by Felix Meschberger <fm...@gmail.com> on 2008/01/28 09:15:56 UTC
Board Report Feb/08
Hi all,
Time is approaching to deliver our board report. I prepared the report
page on our wiki [1] and invite you all to review and ammend where
appropriate.
Thanks and Regards
Felix
[1] http://cwiki.apache.org/confluence/x/4REB
Re: Board Report Feb/08
Posted by Felix Meschberger <fm...@gmail.com>.
Hi Betrand,
Am Montag, den 28.01.2008, 11:01 +0100 schrieb Bertrand Delacretaz:
> On Jan 28, 2008 10:41 AM, Felix Meschberger <fm...@gmail.com> wrote:
>
> > ...To get a complete list of dependencies we would have to analyze the
> > dependencies of each pom just like the maven's dependency report does....
>
> I think this does it, if run from the top of our source code tree
> (assuming all modules are listed in the main pom.xml):
>
> mvn dependency:resolve | grep ':.*:.*:.*' | grep -v "Finished at" |
> cut -d ':' -f 1-4 | sort -u
Cool trait ! Thanks for this.
>
> The resulting list also shows some "interesting" duplicates like:
>
> commons-httpclient:commons-httpclient:jar:3.0
> commons-httpclient:commons-httpclient:jar:3.1
>
> And
>
> commons-logging:commons-logging:jar:1.0.3
> commons-logging:commons-logging:jar:1.0.4
> commons-logging:commons-logging:jar:1.1
>
> And a few others like this.
These could be caused by transitive dependencies. Still we might want to
analyze our poms. But I think, except for inter-Sling dependencies we
define all our versions in the parent pom.
Regards
Felix
Re: Board Report Feb/08
Posted by Bertrand Delacretaz <bd...@apache.org>.
On Jan 28, 2008 10:41 AM, Felix Meschberger <fm...@gmail.com> wrote:
> ...To get a complete list of dependencies we would have to analyze the
> dependencies of each pom just like the maven's dependency report does....
I think this does it, if run from the top of our source code tree
(assuming all modules are listed in the main pom.xml):
mvn dependency:resolve | grep ':.*:.*:.*' | grep -v "Finished at" |
cut -d ':' -f 1-4 | sort -u
The resulting list also shows some "interesting" duplicates like:
commons-httpclient:commons-httpclient:jar:3.0
commons-httpclient:commons-httpclient:jar:3.1
And
commons-logging:commons-logging:jar:1.0.3
commons-logging:commons-logging:jar:1.0.4
commons-logging:commons-logging:jar:1.1
And a few others like this.
-Bertrand
Re: Board Report Feb/08
Posted by Felix Meschberger <fm...@gmail.com>.
Hi Jukka,
Am Montag, den 28.01.2008, 11:11 +0200 schrieb Jukka Zitting:
> The ASF board is asking all TLPs to review their use of cryptography
> and to check that the requirements of the export control policy [1]
> are met. Does Sling use cryptography somewhere? If not, it would be
> good to add a short note like: "No export control notifications are
> needed for Apache Sling."
Yes, Sling does not use crypto and does not contain explicit hooks to
use crypto.
>
> BTW, while trying to review the above I found no clear place where all
> the Sling dependencies were listed. Is there any, or could we come up
> with one?
There is no combined list of dependencies currently. But off the top of
my head, the dependencies are three-fold:
- Java Runtime (java.* and javax.*)
- Apache libraries (jackrabbit, commons, ...)
- Thirdparty: CGLIB, Jetty, KXml (I think, that is about it)
To get a complete list of dependencies we would have to analyze the
dependencies of each pom just like the maven's dependency report does.
Regards
Felix
>
> [1] http://www.apache.org/dev/crypto.html
>
> BR,
>
> Jukka Zitting
Re: Board Report Feb/08
Posted by Jukka Zitting <ju...@gmail.com>.
Hi,
On Jan 28, 2008 10:15 AM, Felix Meschberger <fm...@gmail.com> wrote:
> Time is approaching to deliver our board report. I prepared the report
> page on our wiki [1] and invite you all to review and ammend where
> appropriate.
Looks good, thanks!
The ASF board is asking all TLPs to review their use of cryptography
and to check that the requirements of the export control policy [1]
are met. Does Sling use cryptography somewhere? If not, it would be
good to add a short note like: "No export control notifications are
needed for Apache Sling."
BTW, while trying to review the above I found no clear place where all
the Sling dependencies were listed. Is there any, or could we come up
with one?
[1] http://www.apache.org/dev/crypto.html
BR,
Jukka Zitting
Re: Board Report Feb/08
Posted by Felix Meschberger <fm...@gmail.com>.
Hi all,
I submitted the February 2008 report and prepared a template May 2008
report for further additions. If there is anything missing or wrong in
the February 2008 report, please reply to this mail, such that I may fix
this. Thanks.
Regards
Felix
Am Montag, den 28.01.2008, 09:16 +0100 schrieb Felix Meschberger:
> Hi all,
>
> Time is approaching to deliver our board report. I prepared the report
> page on our wiki [1] and invite you all to review and ammend where
> appropriate.
>
> Thanks and Regards
> Felix
>
> [1] http://cwiki.apache.org/confluence/x/4REB
Re: Board Report Feb/08
Posted by Bertrand Delacretaz <bd...@apache.org>.
On Jan 28, 2008 9:15 AM, Felix Meschberger <fm...@gmail.com> wrote:
> ...Time is approaching to deliver our board report. I prepared the report
> page on our wiki [1] and invite you all to review and ammend where
> appropriate....
Thanks - added a point saying that we can expect a first release soon,.
-Bertrand
> [1] http://cwiki.apache.org/confluence/x/4REB
>