Robert Marcano via devel wrote:
> I think the only way for the Java ecosystem to survive in Fedora outside of
> OpenJDK and some core components is to allow bundling (Even JavaScript
> bundling is already allowed), but how to do it without compromising
> security?

The problem is that Java projects typically bundle prebuilt binaries, which is a complete no go. The big issue is not that the libraries are bundled, it is that they are bundled in prebuilt binary form, often even without the source code at all.

Fixing this requires work no matter whether the packager works the way you propose or whether they simply unbundle the dependencies. So I do not see any valid reason to not just go ahead and unbundle. (At least for the typical application. Things like Eclipse plugins, using nested JARs, are the exception and might indeed need special treatment.)

The Go and Rust case is different because the library packages are shipped as source code and the application packages then BuildRequire that source code. Doing the same for Java would require modifying the upstream build systems even more than just depending on a Fedora-built JAR would (because the Go/Rust way is not how Java normally works). So I do not see any advantage in doing things that way. (And for the record, I also think that Go and Rust should not work that way either! It is possible to build shared libraries of Go code, at least one Go toolchain supports it.)

The JavaScript case is also different because everything that is bundled is bundled as source code. JavaScript does not have anything like a compiled JAR file.

        Kevin Kofler
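
Added example, not part of the original message or of any Fedora tooling: a Python sketch of the check implied by the message's distinction between source and prebuilt bundling. It flags compiled `.class` payloads in an unpacked source tree, descending into JARs nested inside JARs, and ignores source-only archives. All function names and the sample archives are constructed for illustration.

```python
import io
import os
import zipfile

CLASS_MAGIC = b"\xca\xfe\xba\xbe"  # Java class header (Mach-O fat binaries share it)
MAX_ENTRY = 64 * 1024 * 1024       # skip oversized members instead of inflating them

def find_prebuilt(name, data, depth=0, max_depth=4):
    """Return paths of compiled .class payloads in `data`, descending into nested archives."""
    if data[:4] == CLASS_MAGIC:
        return [name]
    hits = []
    if depth < max_depth and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_ENTRY:
                    continue
                hits += find_prebuilt(f"{name}!/{info.filename}", zf.read(info),
                                      depth + 1, max_depth)
    return hits

def scan_tree(root):
    """Walk an unpacked source tree and list every prebuilt Java artifact found."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for fn in sorted(files):
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                hits += find_prebuilt(os.path.relpath(path, root), fh.read())
    return sorted(hits)

def make_zip(members):
    """Build a zip/JAR in memory from {name: bytes} (used for the constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, payload in members.items():
            zf.writestr(member, payload)
    return buf.getvalue()

def constructed_sample():
    """Constructed sample: a plugin JAR nesting a library JAR, plus a source-only JAR."""
    fake_class = CLASS_MAGIC + b"\x00\x00\x00\x34" + b"\x00" * 8
    lib = make_zip({"org/example/Util.class": fake_class})
    plugin = make_zip({"lib/util.jar": lib, "plugin.xml": b"<plugin/>"})
    sources = make_zip({"org/example/Util.java": b"class Util {}"})
    return {"plugin.jar": plugin, "util-sources.jar": sources}

if __name__ == "__main__":
    for fname, blob in constructed_sample().items():
        print(fname, find_prebuilt(fname, blob))
```

A hit only shows that compiled bytecode is present in the tree; whether it was built from the shipped sources still has to be established by rebuilding.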