1 |
Calvin Austin wrote: |
2 |
|
3 |
> 1. source vs jars ebuilds. |
4 |
> I built everything from source minus one jar file. I had to drop to |
5 |
> source 1.4 or patch the code in some cases. However some projects are |
6 |
> based on maven jar repositories, getting a source version of these can |
7 |
> be a huge project in itself. |
8 |
|
9 |
That's true, but we'll of course never include any .jars from Maven in |
10 |
our tree, since we cannot know which evil backdoors they put into their |
11 |
code: we don't have the source code. |
12 |
|
13 |
Also, we can never know if we need to do a security update, since the |
14 |
versions of the jars in the maven repo do not always correspond to an |
15 |
actual upstream release of anything. |
16 |
|
17 |
In conclusion: binary .jars are banned. |
18 |
|
19 |
> 2. Using open source components vs certified binary components. |
20 |
> Downloading certified jars from Sun or other vendors was a pain, however |
21 |
> picking up a free implementation that may have never been certified may |
22 |
> be just as bad if you don't know what you are doing (and caused a long |
23 |
> tail of dependencies of cause) |
24 |
|
25 |
The long tail of dependencies is at best a minor nuisance for the user: |
26 |
Java apps and libraries are tiny. Also, the fact that they can now do |
27 |
emerge -uD world should weigh up for any minor inconvenience related to |
28 |
a long dep chain. |
29 |
|
30 |
A better argument is that maintaining such a long chain of deps is more |
31 |
cumbersome than just one binary library. However, with proper open |
32 |
source packages, at least we have a decent shot at making them available |
33 |
permanently, instead of this eternal catch-up with have to play with Sun. |
34 |
|
35 |
> |
36 |
> 3. Varying dependencies |
37 |
> I ended up with a very simple hibernate 3.1 ebuild for example, the |
38 |
> current migration ebuild essentially pulls in the rest of jboss |
39 |
|
40 |
Cool! Show us the source:) |
41 |
|
42 |
|
43 |
Cheers, |
44 |
|
45 |
-- Karl T |
46 |
-- |
47 |
gentoo-java@g.o mailing list |