
Re: Removing freeplane 1.7.x from Debian?



Hello Sebastiaan, Tony, Thorsten, Emmanuel,

Sebastiaan Couwenberg <sebastic@xs4all.nl> writes:
> On 4/1/24 8:49 AM, Felix Natter wrote:
>> tony mancill <tmancill@debian.org> writes:
>>> In my opinion we should remove the outdated freeplane package from
>>> Debian.
>> the only thing that speaks against this is the user comment in #1030150
>> [1]. Is it true that "as Debian (and many derivatives) still ship with old
>> JDK"? [2]
>
> It might be feasible to patch freeplane to use Maven for the Debian package
> build. This was suggested in the Gradle packaging status thread some time
> ago [0].
>
> Osmosis 0.49 also required a more recent Gradle to build, and adding a
> patch to use Maven for the Debian package build was reasonably simple.
>
> [0] https://lists.debian.org/debian-java/2022/08/msg00010.html

Thank you for the suggestion. In addition to a complex Gradle build
system [1] using the latest features, there are also a number of new
dependencies. The biggest one (I think) is twemoji [2].

[1]
https://github.com/freeplane/freeplane/blob/1.11.x/freeplane/build.gradle etc.

[2] #878875 (Freeplane >= 1.9 can add any Unicode emoji as an icon)

I *might* succeed in packaging Freeplane with Maven, but then it might not
be compatible at all due to some missing Gradle build system quirks,
which I think is worse than using the upstream .deb.

@Thorsten: Yes, having a 100% free build in Debian is nice, but I do not
see this happening :( I agree with @Emmanuel that the upstream .deb is
the best solution we can get (and given the nature of Java, this is
extremely easy to install for users and upstream to provide) :)

However, in #1030150 Alex says:

> as Debian (and many derivatives) still ship with old JDK, there is in my eyes no reason to remove
> Freeplane because of that. Also it would be a shame if it maybe would vanish from it, in that way.

Is this really true for Debian [3]?

[3]
https://packages.debian.org/search?keywords=jre&searchon=names&suite=stable&section=all

I think that if we do not remove freeplane from Debian, people are
"forced" to keep old unsupported JDK/JRE versions, which is a security
risk IMHO. Do you agree, or is an outdated Debian package even more
secure than an up-to-date upstream package as "Rpnpif" says in #1030150:

> I would agree with alex. Encouraging users to take packages out of
> Debian's repositories is a security risk for their OS. The current case
> with xz demonstrates this. My opinion does not mean that upstream should
> not offer an alternative and packages.

Cheers and Best Regards,
Felix
--
Felix Natter

