| 1 |
Calvin Austin wrote: |
| 2 |
|
| 3 |
> 1. source vs jars ebuilds. |
| 4 |
> I built everything from source minus one jar file. I had to drop to |
| 5 |
> source 1.4 or patch the code in some cases. However some projects are |
| 6 |
> based on maven jar repositories, getting a source version of these can |
| 7 |
> be a huge project in itself. |
| 8 |
|
| 9 |
That's true, but we'll of course never include any .jars from Maven in |
| 10 |
our tree, since we cannot know which evil backdoors they put into their |
| 11 |
code: we don't have the source code. |
| 12 |
|
| 13 |
Also, we can never know if we need to do a security update, since the |
| 14 |
versions of the jars in the maven repo do not always correspond to an |
| 15 |
actual upstream release of anything. |
| 16 |
|
| 17 |
In conclusion: binary .jars are banned. |
| 18 |
|
| 19 |
> 2. Using open source components vs certified binary components. |
| 20 |
> Downloading certified jars from Sun or other vendors was a pain, however |
| 21 |
> picking up a free implementation that may have never been certified may |
| 22 |
> be just as bad if you don't know what you are doing (and caused a long |
| 23 |
> tail of dependencies of cause) |
| 24 |
|
| 25 |
The long tail of dependencies is at best a minor nuisance for the user: |
| 26 |
Java apps and libraries are tiny. Also, the fact that they can now do |
| 27 |
emerge -uD world should weigh up for any minor inconvenience related to |
| 28 |
a long dep chain. |
| 29 |
|
| 30 |
A better argument is that maintaining such a long chain of deps is more |
| 31 |
cumbersome than just one binary library. However, with proper open |
| 32 |
source packages, at least we have a decent shot at making them available |
| 33 |
permanently, instead of this eternal catch-up with have to play with Sun. |
| 34 |
|
| 35 |
> |
| 36 |
> 3. Varying dependencies |
| 37 |
> I ended up with a very simple hibernate 3.1 ebuild for example, the |
| 38 |
> current migration ebuild essentially pulls in the rest of jboss |
| 39 |
|
| 40 |
Cool! Show us the source:) |
| 41 |
|
| 42 |
|
| 43 |
Cheers, |
| 44 |
|
| 45 |
-- Karl T |
| 46 |
-- |
| 47 |
gentoo-java@g.o mailing list |
Archives