[Mageia-dev] Java-Policy first draft published

Fri Jan 21 00:01:02 CET 2011

On Wed, 12 Jan 2011, Michael Scherer wrote:
+
+> Le mercredi 12 janvier 2011 à 11:24 -0500, Frank Griffin a écrit :
+> > Farfouille wrote:
+> > > Hi
+> > >
+> > > I have published a first draft of Java application package policy. http://mageia.org/wiki/doku.php?id=java_applications_policy
+> > >
+> > > Corrections and comments are welcome.
+> > >   
+> > 
+> > The bit about pre-packaged JARs may cause trouble.  In theory, it's
+> > great, but many applications depend upon certain versions of their
+> > utility JARs, and can't all run with the latest versions.  Any such app
+> > would have a Requires for its specific version, which would prevent the
+> > utility JAR from being updated with a newer version for other apps. 
+> > This is why EJB allows EJB apps to include their own specific versions
+> > of utility JARs, which are visible to them but not to other apps or the
+> > container itself, and also why Maven uses versioned artifacts.
+> 
+> That's the same issue for everything.
+> 
+> Shipping binary jar given by upstream tarball cause trouble because you 
+> 1) cannot patch them in case of bug
+> 2) cannot see how and what was compiled 
+> 
+> That's not very free software friendly, and I think we should refuse
+> that.
+
+I've already seen while trying to package java apps, a jar being shipped,
+but sources not available anywhere on the internet, except after
+searching for a few hours on an old website on archive.org with broken
+link to the sources zip, and developers not aware of the issue, because
+they never tried to find the sources, and always used this binary .jar
+they found on a random web site.
+
+