Re: How to package Nuxeo DM, a Java EE application, in Debian

To: thomas@koch.ro
Cc: debian-java@lists.debian.org, Vincent Fourmond <fourmond@gmail.com>, Niels Thykier <niels@thykier.net>
Subject: Re: How to package Nuxeo DM, a Java EE application, in Debian
From: Stefane Fermigier <sf@nuxeo.com>
Date: Mon, 7 Feb 2011 09:42:00 +0100
Message-id: <[🔎] 70DB1D5B-DFB3-48EE-BAEC-07D806ED919B@nuxeo.com>
In-reply-to: <[🔎] 201102070910.33317.thomas@koch.ro>
References: <[🔎] 28C19B9F-2C11-47F1-8D15-5A791B87C82E@nuxeo.com> <[🔎] AANLkTinMW-SZ1sJ=6ZDQVo1JVEwpZn7P8jT0WhWnKGqg@mail.gmail.com> <[🔎] 64ABC203-ABE7-43FF-A908-C022B6907A8F@nuxeo.com> <[🔎] 201102070910.33317.thomas@koch.ro>

On Feb 7, 2011, at 9:10 AM, Thomas Koch wrote:

> Stefane Fermigier:
>> On Feb 6, 2011, at 10:29 PM, Vincent Fourmond wrote:
>>> JARs in a source package. We absolutely need every single package
>>> compiled from source, and that includes their dependencies. That's why
>>> packaging Java applications for Debian is so much of a pain ;-)...
>>> More on that there:
>>> 
>>> http://vince-debian.blogspot.com/2009/03/java-packaging-nightmare.html
>> 
>> Well, if packaging Java applications in Debian is a nightmare, shouldn't be
>> Debian's responsibility to make it less of a nightmare to its developers
>> or contributors ?
> As you write yourself below, "That's not how we do things in the Java world", 

I should have added "in the open source java world" actually.

> there is a clear and fundamental difference between the Java world and all 
> free software distributions (not only Debian).

That's what I wrote in the first email in this thread, if you remember.

> Both sides have reasons, why they're doing things their way. Naturally I tend 
> to agree more with the points of the free software distributions. However you 
> can't just say that only the distributions should move (if they can at all 
> without violating licenses).
> We're actively and hard working to resolve these issues. However java is free 
> only since 2007. Only then it started to make sense for free software 
> distributions to invest effort to resolve issues.

The jpackage.org has been around for much longer than this. I remember it was already around in 2005, and I see it's been registered in 2001.

> I'm aware of talks given at last years FOSDEM, German linuxtag and last 
> weekend's FOSDEM to raise awareness about the issues and discuss them. Inside 
> Debian people are building tools to make java packaging less of a nightmare. 
> However this all takes time.
> I could now continue to express my anger about java developers which regard 
> windows as the "default development system", java developers who don't give a 
> shit about licenses or don't even know to tell the difference between GPL and 
> the Apache License, java developers who don't care that maven pulls jars 
> without any cryptographic protection, java developers who think it's good 
> enough if their code runs only against one specific point version of a library 
> and java developers who don't understand, why anybody should want to rebuild 
> their binary jars from source, - but I really shouldn't. :-)

I don't know those developers, I mostly hang with open source java developers actually ;)

> 
>>> BTW, redistributing JAR files is not always a very good idea:
>>> imagine you have a JAR of a (L)GPLed library, and for a reason or
>>> another you lose the source (if only because you never had it as you
>>> got binary JARs from upstream). Then, you fail the terms of the GPL
>>> and cannot redistribute the JARs, since you would be at loss to
>>> provide the source.
>> 
>> That's not how we do things in the Java world, especially when we are using
>> Maven.
>> 
>> Note that when using Maven, those jars come usually from
>> http://repo1.maven.org/, so the responsibility for providing the source
>> code for these jars actually falls upon the owner of maven.org, which
>> happens to be jvanzyl@codehaus.org - not upon us.
> As far as I understand the GPL, this statement is not correct. If you 
> distribute the jar, you also need to guarantee the availability of the source 
> code for the next three years. If the source code would not be available 
> anymore on some other site, you're f**cked.

This is not 100% safe, but if someone asks me to provide the sources for a JAR and I can't find them, I can ask the same to Jason. Same if someone sues us.

So I guess in this case the root of all evil (like often in the Java world) comes from Maven...

  S.

-- 
Stefane Fermigier, Founder and Chairman, Nuxeo
Open Source, Java EE based, Enterprise Content Management (ECM)
http://www.nuxeo.com/ - +33 1 40 33 79 87 - http://twitter.com/sfermigier
Join the Nuxeo Group on LinkedIn: http://linkedin.com/groups?gid=43314
New Nuxeo release: http://nuxeo.com/dm54
"There's no such thing as can't. You always have a choice."

Reply to:

Follow-Ups:
- Re: How to package Nuxeo DM, a Java EE application, in Debian
  - From: Torsten Werner <twerner@debian.org>
- Re: How to package Nuxeo DM, a Java EE application, in Debian
  - From: Vincent Fourmond <fourmond@gmail.com>

References:
- How to package Nuxeo DM, a Java EE application, in Debian
  - From: Stefane Fermigier <sf@nuxeo.com>
- Re: How to package Nuxeo DM, a Java EE application, in Debian
  - From: Vincent Fourmond <fourmond@gmail.com>
- Re: How to package Nuxeo DM, a Java EE application, in Debian
  - From: Stefane Fermigier <sf@nuxeo.com>
- Re: How to package Nuxeo DM, a Java EE application, in Debian
  - From: Thomas Koch <thomas@koch.ro>

Prev by Date: Re: How to package Nuxeo DM, a Java EE application, in Debian
Next by Date: Re: How to package Nuxeo DM, a Java EE application, in Debian
Previous by thread: Re: How to package Nuxeo DM, a Java EE application, in Debian
Next by thread: Re: How to package Nuxeo DM, a Java EE application, in Debian
Index(es):
- Date
- Thread