[gentoo-user] gradle as source? How safe are overlays?

[gentoo-user] gradle as source? How safe are overlays?

[n952162]

In order to build an android app, I need gradle.  Apparently, there's
only a binary version in gentoo, dev-java/gradle-bin, but there's a
source version in the mva overlay.  Why might it only be in an overlay?

This link:

https://wiki.gentoo.org/wiki/Gradle#Availability

links to:

https://github.com/msva/mva-overlay/tree/master/dev-java/gradle

containing 3 files, none of which is 100 lines.

If that's all it takes, why not be part of the distribution?

TIA

Re: [gentoo-user] gradle as source? How safe are overlays?

[Viktar Patotski]

[-- Attachment #1: Type: text/plain, Size: 747 bytes --]

Usually all gradle projects contain gradle wrappers (gradlew.bat and
gradlew.sh). If you have them, you just need Java and run: ./gradlew build

Viktar

On Mon, Oct 16, 2023 at 9:29 PM n952162 <n952162@web.de> wrote:

> In order to build an android app, I need gradle.  Apparently, there's
> only a binary version in gentoo, dev-java/gradle-bin, but there's a
> source version in the mva overlay.  Why might it only be in an overlay?
>
> This link:
>
> https://wiki.gentoo.org/wiki/Gradle#Availability
>
> links to:
>
> https://github.com/msva/mva-overlay/tree/master/dev-java/gradle
>
> containing 3 files, none of which is 100 lines.
>
> If that's all it takes, why not be part of the distribution?
>
> TIA
>
>
>
>

[-- Attachment #2: Type: text/html, Size: 1303 bytes --]

Re: [gentoo-user] gradle as source? How safe are overlays? [resend]

[n952162]

On 10/16/23 21:30, Viktar Patotski wrote:
> Usually all gradle projects contain gradle wrappers (gradlew.bat and
> gradlew.sh). If you have them, you just need Java and run: ./gradlew build
>
>

Yes, that was the case with f-droid/sms-ie-master, totally easy. But not
for f-droid/mupdf, unfortunately.  But I read that it's easy enough to
generate a gradlew - if you have gradle ...

Re: [gentoo-user] gradle as source? How safe are overlays?

[Michael Orlitzky]

On Mon, 2023-10-16 at 21:29 +0200, n952162 wrote:
> Why might it only be in an overlay?

Because it bundles 100+ other packages. That is inherently a security
risk, although plenty of people use Windows and install all of their
software that way and are perfectly happy on those days of the year
when their documents aren't encrypted by ransomware.

Re: [gentoo-user] gradle as source? How safe are overlays?

[n952162]

That's what I was afraid of hearing .... ;-)


On 10/16/23 22:54, Michael Orlitzky wrote:
> On Mon, 2023-10-16 at 21:29 +0200, n952162 wrote:
>> Why might it only be in an overlay?
> Because it bundles 100+ other packages. That is inherently a security
> risk, although plenty of people use Windows and install all of their
> software that way and are perfectly happy on those days of the year
> when their documents aren't encrypted by ransomware.
>
>