Wikimedia Apps/Team/Android/Third Party Libraries

From MediaWiki.org
Jump to navigation Jump to search

Here are practices the Android apps team will follow with respect to evaluating third party libraries.

  • Pin versions in the build.gradle file (avoid the + suffix on version numbers). Builds should be reproducible. Update explicitly.
  • Watch licenses and include the license in the About Activity.
    • Put the actual license text in a file under the assets/licenses directory
    • Add a link to it in the "libraries_list" string in the values/credits.xml file.
  • Check if library-specific ProGuard rules are needed.
  • In case new libraries are needed, team members will do the following:
    • Email mobile-l with the following points addressed, pointing to a page on mediawiki.org for further discussion:
      • What's the MinSDK requirement?
      • Is the license permissive?
      • Is the library ubiquitous?
      • Is it actively maintained?
      • Is the library artifact in a public repo? (so we can just pull it in via Gradle; ideally in Maven Central; fallback JCenter)
      • What are the library's dependencies?
      • What is the impact on binary size?
      • Are special ProGuard rules needed for this library?