Re: rails pkg

To: debian-ruby@lists.debian.org
Subject: Re: rails pkg
From: Antonio Terceiro <terceiro@debian.org>
Date: Mon, 27 May 2013 14:02:32 -0300
Message-id: <[🔎] 20130527170232.GA19645@debian.org>
Mail-followup-to: debian-ruby@lists.debian.org
In-reply-to: <[🔎] CALjhHG_f8jvaxF+yg9ugw1w-dKxB2wNhC5K_V2nu3=JThNCF_w@mail.gmail.com>
References: <CALjhHG9R4gp57-k7LVKFkG7Ak=h1aYew4kSugxHAjALUVYyd5Q@mail.gmail.com> <[🔎] 20130524163407.GA21876@debian.org> <[🔎] CALjhHG8tM4hZJvgvF9TNeHqXXszU+EeEV7bLScjDRucRUeTSYw@mail.gmail.com> <[🔎] 20130524223708.GA14903@debian.org> <[🔎] CALjhHG_f8jvaxF+yg9ugw1w-dKxB2wNhC5K_V2nu3=JThNCF_w@mail.gmail.com>

On Mon, May 27, 2013 at 09:20:22AM +0200, Ondřej Surý wrote:
> On Sat, May 25, 2013 at 12:37 AM, Antonio Terceiro <terceiro@debian.org>wrote:
> 
> > On Fri, May 24, 2013 at 06:52:39PM +0200, Ondřej Surý wrote:
> > > Ok, this suits me equally well (although I had to subscribe).
> > >
> > > Anyway I was thinking (along the way home from work) that we probably
> > > should provide only one version of rails in each Debian release (e.g.
> > move
> > > our problems to our downstream packages :)).
> > >
> > > We have only few downstream packages and it's not worth our time and
> > energy
> > > to keep two and more versions of rails just for one or two
> > r-dependencies.
> >
> > I agree. That, together with having a single source package for all of
> > the rails components, will drastically reduce our maintainance effort.
> >
> 
> I still don't really see what's easier in bundling several tarballs into
> one big one, now that I untangled build-depends in all rails gems.
>
> You cannot get a bundled upstream tarball anywhere, so what's the point?

I'm not suggesting we bundle several tarballs, but to use a single one
generated from the rails git repository directly.

Other points that make me think it would be easier to have a single
rails source package:

- All Rails security patches are distributed based on the git repo, so
  we have to manually edit them to strip the first path component
  before we include them in our split packages. It's not hard, but it's
  boring and error prone. The larger the patch the worse. `quilt import
  -pN` can help here, but unmodified patches are better.

- when the security patch touches more than one component (not
  uncommon), we have to do 2 security uploads intead of one.

- All of the components are developed together and released in lockstep.
  So if there is a security bug in say ActiveRecord, all others are also
  released with a bumped version number anyway even if they were not
  touched.

- IMO because the components are released upstream in lockstep, having
  them in Debian with different version numbers conis confusing.

-- 
Antonio Terceiro <terceiro@debian.org>

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: rails pkg
  - From: Jordon Bedwell <jordon@envygeeks.com>
- Re: rails pkg
  - From: Ondřej Surý <ondrej@sury.org>

References:
- Re: rails pkg
  - From: Antonio Terceiro <terceiro@debian.org>
- Re: rails pkg
  - From: Ondřej Surý <ondrej@sury.org>
- Re: rails pkg
  - From: Antonio Terceiro <terceiro@debian.org>
- Re: rails pkg
  - From: Ondřej Surý <ondrej@sury.org>

Prev by Date: Re: rails pkg
Next by Date: Re: rails pkg
Previous by thread: Re: rails pkg
Next by thread: Re: rails pkg
Index(es):
- Date
- Thread