From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1FoDlg-0005r4-7g for garchives@archives.gentoo.org; Thu, 08 Jun 2006 06:13:20 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k586CCUY025429; Thu, 8 Jun 2006 06:12:12 GMT Received: from mail.spikesource.com (gw1-ss-fe0.spikesource.com [209.10.209.56] (may be forged)) by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k586CAVO007382 for ; Thu, 8 Jun 2006 06:12:11 GMT Received: from [192.168.64.102] ([::ffff:192.168.64.102]) by mail.spikesource.com with esmtp; Wed, 07 Jun 2006 23:12:08 -0700 id 002CA582.4487BFB8.0000641D Message-ID: <4487BFCF.7040208@spikesource.com> Date: Wed, 07 Jun 2006 23:12:31 -0700 From: Calvin Austin User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20050922 Fedora/1.7.12-1.3.1 X-Accept-Language: en-us, en Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-java@gentoo.org MIME-Version: 1.0 To: Karl Trygve Kalleberg CC: gentoo-java@lists.gentoo.org, java@gentoo.org Subject: Re: [gentoo-java] Split migration-packages References: <4470DE21.3070809@gentoo.org> <447606BB.50600@spikesource.com> <44796856.1030605@gentoo.org> In-Reply-To: <44796856.1030605@gentoo.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Archives-Salt: 0b484001-351f-486d-a0d2-e011528b3f67 X-Archives-Hash: 37aab53aada04d85c5d86d70992e99dd Karl Trygve Kalleberg wrote: >Calvin Austin wrote: > > > >>1. source vs jars ebuilds. >>I built everything from source minus one jar file. I had to drop to >>source 1.4 or patch the code in some cases. However some projects are >>based on maven jar repositories, getting a source version of these can >>be a huge project in itself. >> >> > >That's true, but we'll of course never include any .jars from Maven in >our tree, since we cannot know which evil backdoors they put into their >code: we don't have the source code. > >Also, we can never know if we need to do a security update, since the >versions of the jars in the maven repo do not always correspond to an >actual upstream release of anything. > >In conclusion: binary .jars are banned. > > > >>2. Using open source components vs certified binary components. >>Downloading certified jars from Sun or other vendors was a pain, however >>picking up a free implementation that may have never been certified may >>be just as bad if you don't know what you are doing (and caused a long >>tail of dependencies of cause) >> >> > >The long tail of dependencies is at best a minor nuisance for the user: >Java apps and libraries are tiny. Also, the fact that they can now do >emerge -uD world should weigh up for any minor inconvenience related to >a long dep chain. > >A better argument is that maintaining such a long chain of deps is more >cumbersome than just one binary library. However, with proper open >source packages, at least we have a decent shot at making them available > permanently, instead of this eternal catch-up with have to play with Sun. > > > >>3. Varying dependencies >>I ended up with a very simple hibernate 3.1 ebuild for example, the >>current migration ebuild essentially pulls in the rest of jboss >> >> > >Cool! Show us the source:) > > > My hibernate ebuild is based off the ebuild Mike Slinn submitted in bugzilla, infact for the most part to get a JDK 5 system you need to pull ebuilds from bugzilla or modify your own. Ideally the bugzilla ebuilds will eventually get in the tree, many of the changes required are harmless to jdk 1.4, (which is over 4 years old now) I'll be posting all the Java 5 ebuilds I used on one of our servers at spikesource in the next week regards calvin >Cheers, > >-- Karl T > > -- gentoo-java@gentoo.org mailing list