| 1 |
Karl Trygve Kalleberg wrote: |
| 2 |
|
| 3 |
>Calvin Austin wrote: |
| 4 |
> |
| 5 |
> |
| 6 |
> |
| 7 |
>>1. source vs jars ebuilds. |
| 8 |
>>I built everything from source minus one jar file. I had to drop to |
| 9 |
>>source 1.4 or patch the code in some cases. However some projects are |
| 10 |
>>based on maven jar repositories, getting a source version of these can |
| 11 |
>>be a huge project in itself. |
| 12 |
>> |
| 13 |
>> |
| 14 |
> |
| 15 |
>That's true, but we'll of course never include any .jars from Maven in |
| 16 |
>our tree, since we cannot know which evil backdoors they put into their |
| 17 |
>code: we don't have the source code. |
| 18 |
> |
| 19 |
>Also, we can never know if we need to do a security update, since the |
| 20 |
>versions of the jars in the maven repo do not always correspond to an |
| 21 |
>actual upstream release of anything. |
| 22 |
> |
| 23 |
>In conclusion: binary .jars are banned. |
| 24 |
> |
| 25 |
> |
| 26 |
> |
| 27 |
>>2. Using open source components vs certified binary components. |
| 28 |
>>Downloading certified jars from Sun or other vendors was a pain, however |
| 29 |
>>picking up a free implementation that may have never been certified may |
| 30 |
>>be just as bad if you don't know what you are doing (and caused a long |
| 31 |
>>tail of dependencies of cause) |
| 32 |
>> |
| 33 |
>> |
| 34 |
> |
| 35 |
>The long tail of dependencies is at best a minor nuisance for the user: |
| 36 |
>Java apps and libraries are tiny. Also, the fact that they can now do |
| 37 |
>emerge -uD world should weigh up for any minor inconvenience related to |
| 38 |
>a long dep chain. |
| 39 |
> |
| 40 |
>A better argument is that maintaining such a long chain of deps is more |
| 41 |
>cumbersome than just one binary library. However, with proper open |
| 42 |
>source packages, at least we have a decent shot at making them available |
| 43 |
> permanently, instead of this eternal catch-up with have to play with Sun. |
| 44 |
> |
| 45 |
> |
| 46 |
> |
| 47 |
>>3. Varying dependencies |
| 48 |
>>I ended up with a very simple hibernate 3.1 ebuild for example, the |
| 49 |
>>current migration ebuild essentially pulls in the rest of jboss |
| 50 |
>> |
| 51 |
>> |
| 52 |
> |
| 53 |
>Cool! Show us the source:) |
| 54 |
> |
| 55 |
> |
| 56 |
> |
| 57 |
My hibernate ebuild is based off the ebuild Mike Slinn submitted in |
| 58 |
bugzilla, infact for the most part to get a JDK 5 system you need to |
| 59 |
pull ebuilds from bugzilla or modify your own. Ideally the bugzilla |
| 60 |
ebuilds will eventually get in the tree, many of the changes required |
| 61 |
are harmless to jdk 1.4, (which is over 4 years old now) I'll be |
| 62 |
posting all the Java 5 ebuilds I used on one of our servers at |
| 63 |
spikesource in the next week |
| 64 |
|
| 65 |
regards |
| 66 |
calvin |
| 67 |
|
| 68 |
|
| 69 |
|
| 70 |
|
| 71 |
|
| 72 |
>Cheers, |
| 73 |
> |
| 74 |
>-- Karl T |
| 75 |
> |
| 76 |
> |
| 77 |
|
| 78 |
-- |
| 79 |
gentoo-java@g.o mailing list |
Archives