Hello,
The GeoMesa project has been following these guidelines:
1. Any direct or transitive compile scope dependency require a full
CQ
2. Any direct provided scope dependency requires a 'works-with' CQ
3. Any direct test scope dependencies require a single 'test' CQ
4. Any transitive provided or test dependencies can be disregarded
for IP purposes
Direct here means a top-level dependency declared in your pom,
transitive means that you don't declare it in your pom but it's
brought in by another dependency.
We don't track maven plugins. And AFAIK you need a new CQ even for a
bug fix version, but usually you can request an 'incremental' review
(this is less of an issue with license-only CQs).
If it's helpful, we wrote a bash script to generate our dependencies
using the maven dependency tree:
https://github.com/locationtech/geomesa/blob/master/build/calculate-cqs.sh
Thanks,
Emilio
On 11/23/19 4:09 AM, Christian
Kaltepoth wrote:
Hi all,
I have a few questions about CQs, especially in the context
of Maven dependencies. I'm working on a guideline which I will
publish in the project wiki and which other committers of the
project can use if they want to add new dependencies.
I would love to get your feedback about whether the
following assumptions are correct.
- If the dependency is "test"-scoped, it is always a Test and Build dependency and
therefore treated as a workswith.
- If the dependency is "provided"-scoped, it is only used
at build-time but not really "distributed" in any way.
Instead, it must be provided by the environment in which
the corresponding Eclipse project is used in. Such
dependencies are therefore also workswith.
- Dependencies which are "compile"-scoped are usually prereq
dependencies. However, if the dependency is part of some
kind of "optional addon module" of the Eclipse project and
not part of the "core functionality", it is workswith.
- Maven plugins are usually workswith.
- You can update to newer patch releases of a third-party
dependency without filing a new CQ. So in most cases it is
fine to update from something like 1.2.4 to 1.2.9, but not
to 1.3.0. Of course this only works the license of the
dependency didn't change.
I would love to hear your thoughts.
Christian
_______________________________________________
incubation mailing list
incubation@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/incubation
|