Re: [wtp-releng] Please review these "third party" anomalies

[Neil Hauge <neil.hauge@xxxxxxxxxx>]

Regarding Dali's concern's:

We specify jdom 1.0.0 in our feature.xml.

  <plugin
         id="org.jdom"
         download-size="0"
         install-size="0"
         version="1.0.0.qualifier"
         unpack="false"/>

As for javax.persistence_2.0.3.v201010191057.jar, this content is actually EPL (dual licensed EPL/EDL), is built by the EclispeLink project, is maintained on Eclipse servers, and is not an Orbit bundle.   Based on this I didn't submit a CQ as it didn't seem necessary, but let me know if I need to do something differently with this.

Neil



On 5/17/2011 4:12 AM, David M Williams wrote:

Project leads, as you know, our IP Logs are due on 5/18! (meaning, I should have done this weeks ago!) but tonight I tried listing all our third party packages we distribute, and checking that with one of Wayne's new handy-dandy tools to compare to the CQ database. See
http://www.eclipse.org/projects/tools/bundle_scanner.php

The page for that tool admits it is not perfect, misses things, etc., so don't take any comments here as "problems" ... just things to check, to make sure not problems. Better to know now, than right before the release! There are basically three questions:  

1. One thing jumped out immediately. We seem to distribute two versions of "org.jdom".

org.jdom_1.0.0.v201005080400.jar
org.jdom_1.1.1.v201101151400.jar

And, that's fine, if needed, but the bundle_scanner tool did not find a CQ, for a webtools project, for the 1.1.1 version. It did find "dali" and "webservices" had a CQ for the 1.0.0 version. So ... do we need a new CQ? Is there a range that needs to be restricted to use only the 1.0.0 version? Or, did the tool just miss our CQ somehow?

2. There were a number of others that "weren't found", but most of these look familiar to me, and may not have been found since they are so old, and were entered into CQs in a different, old format? But, please sanity check. The "danger" is if we have a used to get, say version "1.0.0" but then Orbit added one at "1.1.0" level, and we might pick it up automatically, depending on how we spec in feature. (Checking against last years IP Log would probably clear up the first four?)

Other Bundles

We're not sure what's going on with these bundles.

• javax.xml.rpc_1.1.0.v201005080400
• javax.xml.soap_1.2.0.v201005080501
• org.apache.axis_1.4.0.v201005080400
• org.apache.commons.discovery_0.2.0.v201004190315
• javax.persistence_2.0.3.v201010191057.jar
• 
  

3. Except for "javax.persistence" ... that's pretty new, right? Do we have a CQ for it? Is it one we pick up from EclipseLink? (If so, we still need a CQ for it). Or, again ... maybe the tool is just missing it?


If interested, below is the complete list of third bundles I found in our latest I-build. Let me know if anything seems missing or wrong. This list would not have included Libra ... not sure if Libra has any third party bundles? (Guess that's really 4 or 5 questions? :) .. but the first three are the most important ones). (BTW, I know we do have some other third party use and CQ's that are not discovered by bundle name ... such as schemas/dtds that go into another bundle ... but, I'm confident those are accurate and I won't be checking those, by hand ... but feel free if anyone else wants to).

javax.xml.rpc_1.1.0.v201005080400
javax.xml.soap_1.2.0.v201005080501
org.apache.axis_1.4.0.v201005080400
org.apache.commons.discovery_0.2.0.v201004190315
java_cup.runtime_0.10.0.v201005080400.jar
javax.activation_1.1.0.v201105071233.jar
javax.jws_2.0.0.v201005080400.jar
javax.mail_1.4.0.v201005080615.jar
javax.persistence_2.0.3.v201010191057.jar
javax.wsdl_1.5.1.v201012040544.jar
javax.wsdl_1.6.2.v201012040545.jar
javax.xml.bind_2.1.9.v201005080401.jar
javax.xml.stream_1.0.1.v201004272200.jar
javax.xml.ws_2.1.0.v200902101523.jar
javax.xml_1.3.4.v201005080400.jar
org.apache.bcel_5.2.0.v201005080400.jar
org.apache.commons.codec_1.3.0.v201101211617.jar
org.apache.commons.collections_3.2.0.v201005080500.jar
org.apache.commons.lang_2.1.0.v201005080500.jar
org.apache.commons.logging_1.0.4.v201101211617.jar
org.apache.log4j_1.2.15.v201012070815.jar
org.apache.oro_2.0.8.v201005080400.jar
org.apache.velocity_1.5.0.v200905192330.jar
org.apache.wsil4j_1.0.0.v200901211807.jar
org.apache.xalan_2.7.1.v201005080400.jar
org.apache.xerces_2.9.0.v201101211617.jar
org.apache.xml.resolver_1.2.0.v201005080400.jar
org.apache.xml.serializer_2.7.1.v201005080400.jar
org.jdom_1.0.0.v201005080400.jar
org.jdom_1.1.1.v201101151400.jar
org.mozilla._javascript__1.7.2.v201005080400.jar
org.uddi4j_2.0.5.v200805270300.jar

I'm assuming Project leads have checked their own project's IP Log, but if interested, this long URL gives our "complete webtools" IP log, that will be submitted on 18th (unless reason is found to ask for an extension):

http://www.eclipse.org/projects/ip_log.php?projectid=webtools.common,webtools.dali,webtools.ejbtools,webtools.jeetools,webtools.jsdt,webtools.jsf,webtools.libra,webtools.servertools,webtools.sourceediting,webtools.webservices

In fact, now that I look at that IP Log again ... it seems it does account for some of the questions above, such as javax.persistence? Maybe all of them ... except JDOM 1.1.1?

Much thanks,

_______________________________________________
wtp-releng mailing list
wtp-releng@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/wtp-releng