Re: Updating Eclipse

To: debian-java@lists.debian.org
Subject: Re: Updating Eclipse
From: Paul Wise <pabs@debian.org>
Date: Wed, 14 Jan 2015 09:41:38 +0800
Message-id: <[🔎] CAKTje6EkCgYSygw=8D+qb7S2GSSgFF5V9mD3ivCg=+Qzo5V=zw@mail.gmail.com>
In-reply-to: <[🔎] 54B57B60.2020109@rapicorp.com>
References: <54B02167.5070907@rapicorp.com> <[🔎] 54B02A23.1070304@gambaru.de> <[🔎] 54B114CA.4040200@thykier.net> <[🔎] 54B57B60.2020109@rapicorp.com>

[The below mail is general, I don't know much about the Java/Eclipse context]

On Wed, Jan 14, 2015 at 4:09 AM, Pascal Rapicault wrote:

> - What is the root of the decision to build everything from source?

Debian has promised to our users that every package will come with
source code. The only way to ensure that what we are distributing is
actually the source code is to remove files that obviously have been
automatically generated and rebuild everything from source code. This
also enables things like our work on reproducible builds.

https://www.debian.org/social_contract
https://wiki.debian.org/ReproducibleBuilds

> - What is the limit of the actions that can be run in an install script?

Potentially anything can be done, except contacting the network. Any
tools that need to be run should be either in the same source package
or new packages created for them and added to Build-Depends, which are
installed before building packages.

> - Do we have stats about what the user is downloading?

We have stats for users who choose to opt-in to the popularity-contest system:

http://popcon.debian.org/
https://qa.debian.org/popcon.php?package=eclipse

>     Really? Without internet access?

When we say without Internet access, we mean with access to the Debian
archive (via Build-Depends) but not access to random websites on the
Internet. Allowing general Internet access leads to build
reproducibility and security issues.

>     Yes, this is true especially in the Maven world since it guarantees
> build reproducibility.

We plan to solve that in Debian by recording versions of
build-dependencies at build time and reproducing the build environment
when doing build reproducibility testing:

https://wiki.debian.org/ReproducibleBuilds/BuildinfoSpecification
https://wiki.debian.org/ReproducibleBuilds/About#Reproduce_the_build_environment

Re bootstrap stuff, we don't have a good solution, most of our work on
that front has been around C compilers and bootstrapping new
architectures rather than non-C languages.

https://wiki.debian.org/DebianBootstrap

Embedded code copies are discouraged as they are a nightmare for the
security and QA teams.

https://wiki.debian.org/EmbeddedCodeCopies

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

Follow-Ups:
- Re: Updating Eclipse
  - From: Emmanuel Bourg <ebourg@apache.org>
- Re: Updating Eclipse
  - From: Thorsten Glaser <t.glaser@tarent.de>

References:
- Re: Updating Eclipse
  - From: Markus Koschany <apo@gambaru.de>
- Re: Updating Eclipse
  - From: Niels Thykier <niels@thykier.net>
- Re: Updating Eclipse
  - From: Pascal Rapicault <pascal@rapicorp.com>

Prev by Date: Re: Updating Eclipse
Next by Date: Re: Updating Eclipse
Previous by thread: Re: Updating Eclipse
Next by thread: Re: Updating Eclipse
Index(es):
- Date
- Thread