1 |
Karl Trygve Kalleberg wrote: |
2 |
|
3 |
>Calvin Austin wrote: |
4 |
> |
5 |
> |
6 |
> |
7 |
>>1. source vs jars ebuilds. |
8 |
>>I built everything from source minus one jar file. I had to drop to |
9 |
>>source 1.4 or patch the code in some cases. However some projects are |
10 |
>>based on maven jar repositories, getting a source version of these can |
11 |
>>be a huge project in itself. |
12 |
>> |
13 |
>> |
14 |
> |
15 |
>That's true, but we'll of course never include any .jars from Maven in |
16 |
>our tree, since we cannot know which evil backdoors they put into their |
17 |
>code: we don't have the source code. |
18 |
> |
19 |
>Also, we can never know if we need to do a security update, since the |
20 |
>versions of the jars in the maven repo do not always correspond to an |
21 |
>actual upstream release of anything. |
22 |
> |
23 |
>In conclusion: binary .jars are banned. |
24 |
> |
25 |
> |
26 |
> |
27 |
>>2. Using open source components vs certified binary components. |
28 |
>>Downloading certified jars from Sun or other vendors was a pain, however |
29 |
>>picking up a free implementation that may have never been certified may |
30 |
>>be just as bad if you don't know what you are doing (and caused a long |
31 |
>>tail of dependencies of cause) |
32 |
>> |
33 |
>> |
34 |
> |
35 |
>The long tail of dependencies is at best a minor nuisance for the user: |
36 |
>Java apps and libraries are tiny. Also, the fact that they can now do |
37 |
>emerge -uD world should weigh up for any minor inconvenience related to |
38 |
>a long dep chain. |
39 |
> |
40 |
>A better argument is that maintaining such a long chain of deps is more |
41 |
>cumbersome than just one binary library. However, with proper open |
42 |
>source packages, at least we have a decent shot at making them available |
43 |
> permanently, instead of this eternal catch-up with have to play with Sun. |
44 |
> |
45 |
> |
46 |
> |
47 |
>>3. Varying dependencies |
48 |
>>I ended up with a very simple hibernate 3.1 ebuild for example, the |
49 |
>>current migration ebuild essentially pulls in the rest of jboss |
50 |
>> |
51 |
>> |
52 |
> |
53 |
>Cool! Show us the source:) |
54 |
> |
55 |
> |
56 |
> |
57 |
My hibernate ebuild is based off the ebuild Mike Slinn submitted in |
58 |
bugzilla, infact for the most part to get a JDK 5 system you need to |
59 |
pull ebuilds from bugzilla or modify your own. Ideally the bugzilla |
60 |
ebuilds will eventually get in the tree, many of the changes required |
61 |
are harmless to jdk 1.4, (which is over 4 years old now) I'll be |
62 |
posting all the Java 5 ebuilds I used on one of our servers at |
63 |
spikesource in the next week |
64 |
|
65 |
regards |
66 |
calvin |
67 |
|
68 |
|
69 |
|
70 |
|
71 |
|
72 |
>Cheers, |
73 |
> |
74 |
>-- Karl T |
75 |
> |
76 |
> |
77 |
|
78 |
-- |
79 |
gentoo-java@g.o mailing list |