| 1 |
On 4/19/20 3:41 PM, Samuel Bernardo wrote: |
| 2 |
>> |
| 3 |
>> EGO_SUM is not a legitimate approach to packaging. You have to create |
| 4 |
>> packages for each package. I know, it sounds crazy when you say it. |
| 5 |
>> |
| 6 |
> I understand what you mean, but deem this dependencies as internal |
| 7 |
> project dependencies where those libraries doesn't worth the effort to |
| 8 |
> package them all. I mean, most of these projects have an immutable |
| 9 |
> deployment approach that are not feasable to be packaged. The problem |
| 10 |
> starts from upstream... |
| 11 |
|
| 12 |
You can do whatever you want in an overlay, but you can't introduce |
| 13 |
security vulnerabilities and license issues into thousands of peoples' |
| 14 |
homes and businesses through ::gentoo because it makes your life a tiny |
| 15 |
bit easier. |
| 16 |
|
| 17 |
The job description of distribution developer is, ultimately, to fix all |
| 18 |
the dumb things that upstream does before packaging the result so that |
| 19 |
your users get a consistent, usable, reliable, and secure product. But |
| 20 |
the first step isn't optional. Re-packaging garbage is easy -- that's a |
| 21 |
service nobody needs. |
| 22 |
|
| 23 |
Using ebuilds this way is also simply a waste of your time. If you're |
| 24 |
not going to package the dependencies, then you're better off using the |
| 25 |
upstream bundling tool. At least then you can update the hundreds of |
| 26 |
bundled dependencies afterwards. With an ebuild that's not possible. |
| 27 |
|
| 28 |
I don't mean to discourage you any more than necessary. I'm glad you |
| 29 |
want to help. But please quit looking to Go as an example of anything |
| 30 |
anyone should be doing. |
Archives