[Mageia-dev] Java-Policy first draft published

nicolas vigier boklm at mars-attacks.org
Fri Jan 21 00:01:02 CET 2011

On Wed, 12 Jan 2011, Michael Scherer wrote:

> Le mercredi 12 janvier 2011 à 11:24 -0500, Frank Griffin a écrit :
> > Farfouille wrote:
> > > Hi
> > >
> > > I have published a first draft of Java application package policy. http://mageia.org/wiki/doku.php?id=java_applications_policy
> > >
> > > Corrections and comments are welcome.
> > >   
> > 
> > The bit about pre-packaged JARs may cause trouble.  In theory, it's
> > great, but many applications depend upon certain versions of their
> > utility JARs, and can't all run with the latest versions.  Any such app
> > would have a Requires for its specific version, which would prevent the
> > utility JAR from being updated with a newer version for other apps. 
> > This is why EJB allows EJB apps to include their own specific versions
> > of utility JARs, which are visible to them but not to other apps or the
> > container itself, and also why Maven uses versioned artifacts.
> That's the same issue for everything.
> Shipping binary jar given by upstream tarball cause trouble because you 
> 1) cannot patch them in case of bug
> 2) cannot see how and what was compiled 
> That's not very free software friendly, and I think we should refuse
> that.

I've already seen while trying to package java apps, a jar being shipped,
but sources not available anywhere on the internet, except after
searching for a few hours on an old website on archive.org with broken
link to the sources zip, and developers not aware of the issue, because
they never tried to find the sources, and always used this binary .jar
they found on a random web site.

More information about the Mageia-dev mailing list