Re: packaging Go runtime for ANTLR4
Le 2021-07-28 17:08, tony mancill a écrit :
I don't disagree with Emmanuel's statements about the importance of
ANTLR and why it is helpful to maintain separation. However, I don't
think introducing a separate source package each language ecosystem is
necessarily best for Debian.
It's not optimal for the number of source packages in the distribution,
but it's optimal wrt the human resources available to maintain the
and that's much more important than a few saved megabytes on the APT
repository mirrors. With separate source packages, I'm confident that
an issue with the Go/Python/C++ compiler and build tools won't hinder
the work on the Java library. Bootstrapping ANTLR4 wasn't a trivial task
(there was circular self dependencies) and I don't think I would have
been able to do it if I had to care about the other languages.
It causes additional work for the Security team when in the event there
AFAIK there was no CVE reported for ANTLR so far, so separate packages
do not induce an increased security maintenance in this case.
It potentially confuses users (and Debian developers) by creating a
distinction that does not exist upstream.
I'm thinking about documenting in debian/README.source why the languages
are isolated in separate packages, this isn't the first time this
It also means that we will release with different versions of ANTLR
for different languages, which feels very "non-distro" to me. (What
if the version of the ANTLR parser for language X is subtly
language Y, and a user runs a system on Debian that requires both
We already have several versions of ANTLR for Java packaged (2.7.7, 3.2,
and 4.7.2). If a new version of ANTLR creates regressions, we just clone
the package to preserve the old version. That's the only sane solution,
because you really don't want to test, debug and fix grammars with an
incompatible version of ANTLR, that's the reponsability of the upstream