OT: Usage of language-specific package managers (was: Re: Prefered build system)

To: Barry Hawkins <barry@alltc.com>
Cc: debian-java@lists.debian.org
Subject: OT: Usage of language-specific package managers (was: Re: Prefered build system)
From: Matthias-Christian Ott <ott@mirix.org>
Date: Fri, 23 Mar 2012 13:41:19 +0100
Message-id: <[🔎] 20120323124119.GC2172@qp>
In-reply-to: <[🔎] 4F6C6741.20709@alltc.com>
References: <[🔎] 20120323104742.GA2172@qp> <[🔎] 4F6C6741.20709@alltc.com>

On Fri, Mar 23, 2012 at 08:06:25AM -0400, Barry Hawkins wrote:
> On 3/23/12 6:47 AM, Matthias-Christian Ott wrote:
> >Hi,
> >
> >I have been assigned to a legacy Java project, which uses several messed
> >up Ant buildfiles. I'm going to replace or clean up the build system as
> >part of project maintainance.
> >
> >I read that Maven (similar to other language-specific package
> >management software) has been a problem for Debian for a long time
> >and that Debian struggles with the general Java software packaging
> >mentality which often ignores system wide package managers. One of the
> >goals for the project is to make software packaging and distribution
> >easier and automatic. Gentoo and Fedora seem to support Maven and Ant,
> >but prefer Ant. Is that also true for Debian? If so, are there any
> >preferred build target naming conventions, like [1]?
> >
> >Regards,
> >Matthias-Christian
> >
> >[1] https://wiki.apache.org/ant/TheElementsOfAntStyle
> 
> I can tell you that of all the projects I have worked with for years
> and all those my friends work with, I have yet to find anyone who
> uses the Maven that is packaged with a distribution. The common
> practice is to have Ant + Ivy, Maven, or Gradle + Ivy using a
> repository outside the OS package management system's own packages.
> Coupling a Java project to using the Java libraries packaged with
> the current version of your operating system's offerings is
> generally avoided, as you invariably need a library or a version of
> a library that is not available.

This practice seems to be widespread, but I wonder what you do about
security updates then. GNU/Linux distributions seem to either have
enough man power and an organizational structure to do proper security
updates or do rolling releases. If you hardcode the versions you
can't do the later and it seems security updates aren't offered in
the common Maven repositories. If you use Debian stable you have a
long enough update cycle including security updates, so that should
work once you packaged all your dependencies (the project I'm working
on the dependency management consists putting years-old JAR files,
some with unknown licensing status and origin, in directory). If you
want to support multiple operating systems and distributions, the
required effort will of course increase linearly.

But looking at other programming languages (Python, Ruby, Perl, Lua,
Haskell, JavaScript etc.) these language-specific package managers
seem to become some kind of a problem, because many people seem to
care less about system wide package managers (perhaps because they
don't have one, as with Windows and Mac OS X) and about the operating
system and the installed software as an integrated whole.

Regards,
Matthias-Christian

Reply to:

Follow-Ups:
- Re: OT: Usage of language-specific package managers
  - From: Manfred Moser <manfred@mosabuam.com>

References:
- Prefered build system
  - From: Matthias-Christian Ott <ott@mirix.org>
- Re: Prefered build system
  - From: Barry Hawkins <barry@alltc.com>

Prev by Date: Re: Prefered build system
Next by Date: Re: OT: Usage of language-specific package managers
Previous by thread: Re: Prefered build system
Next by thread: Re: OT: Usage of language-specific package managers
Index(es):
- Date
- Thread