On Wed, 2021-10-06 at 14:37 +0200, Mikolaj Izdebski wrote: > On Mon, Oct 4, 2021 at 8:50 PM Matthew Miller < > mattdm@xxxxxxxxxxxxxxxxx> wrote: > > > > On Mon, Sep 27, 2021 at 03:09:08PM +0200, Mario Torre wrote: > > > I'm not sure what's the best solution, but I guess the number one > > > reason to have packages within the Fedora distribution is for a > > > matter > > > of trust, if this is the case I would argue that a curated list of > > > maven packages served via a Fedora managed repository would be a > > > better investment. > > > > I'd love to see someone interested in this pursue this idea! I know > > we > > talked about it as long ago as... Flock Prague... and probably > > before. > > That's a very old idea that has been partially implemented years ago, > but never approved for use in Fedora. Maven artifacts can be built in > Koji (there is an existing "koji maven-build" command). Once built > they appear in a "curated" Maven repository hosted on Koji, that can > be synced to mirrors, from where users can consume it. Consumers of > this Maven repository don't need to be running Fedora, not even Linux. ah Now I understand better this wiki page https://fedoraproject.org/wiki/KojiMavenSupport > Curated Maven repository contains additional metadata, eg. CVEs > affecting given artifact version, whether upstream is active, whether > given artifact is available in Fedora and in which releases, etc. For > each Fedora Linux release there is an auto-generated BOM (bill of > materials POM) listing artifacts available in the release. > > Binaries from this trusted/curated Maven repository can also be > wrapped into RPMs (using "koji wrapper-rpm" command) and put into > distribution repos and composes. Other packages can depend on such > RPMs. This is a hybrid packaging model, where some Java RPM packages > can be built in the traditional way (where code is compiled during > rpmbuild) and some are built elsewhere, and only wrapped in RPMs. > > -- > Mikolaj Izdebski > > > > > -- > > Matthew Miller > > <mattdm@xxxxxxxxxxxxxxxxx> > > Fedora Project Leader > > _______________________________________________ > > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > > Fedora Code of Conduct: > > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > > Do not reply to spam on the list, report it: > > https://pagure.io/fedora-infrastructure > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: > https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure -- Sérgio M. B. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
