hey, On 20/09/2009 Matthias Klose wrote: > On 20.09.2009 16:45, Jonas Meurer wrote: > >if i got it right then packaging the dependencies as seperate packages > >isn't an option for zope2.12, we'll have to include them within the > >zope2.10 source tarball. the reason for that is, that zope2.12 requires > >particular versions of the dependencies, and doesn't build even if minor > >versions aren't correct. > > this is the usual answer from an upstream with more than 50 > dependencies. From my experience this based on the fact that > upstream only wants to test and certify one configuration, and > doesn't take responsibility for anything else. On the other hand a > distribution tries to minimize the duplicate code in its > distribution, and applies patches to packages to make these work. > Look at OpenOffice, eclipse, etc. zope is not different. It's up to > you as a packager to decide what you can maintain, and where you do > want to duplicate sources. while i agree with you that duplicated code is bad security wise i fear that we would have to hack upstream zope2.12 code in order to build with different versions of the dependencies than requested upstream. i already discussed that with kobold some weeks ago on irc, and he said that this is different for zope3, where no particular versions of the dependencies are required. i would be ok with seperate source packages for all zope2.12 dependencies in case that this doesn't cause more harm than good. on the other hand much dependencies are only required for zope2.12 so far, so it might not be worth the effort to package them as seperate source package. maybe we could distribute these only-zope2.12-dependencies within the zope2.12 tarball, and build-depend on seperate source packages for dependencies that are useful for zope3 etc. as well. > >>I do not want to wait with the removal of python2.4 from unstable > >>for too long, I think a short time without zope2.x in unstable is > >>ok, while having three python2.x versions is too much. But it looks > >>like zope2.12 based on python2.5 or python2.6 is doable for squeeze. > > > >i didn't know that packaging zope2.12 is that timeconsuming at the time > >that i proposed to wait with removing python2.4 from unstable. so no > >objections against removal of pyhton2.4/zope2.10/zope2.11 from my side > >any longer. > > ok, I'll file a request for removal next week; zope2.x was the last > package absolutely needing python2.4. great, thanks for your work. greetings, jonas
Attachment:
signature.asc
Description: Digital signature