On 26/02/14 17:17, James Nord (jnord) wrote:
>>> Nowhere in that was the sources jar mentioned - yet you seemed to have
>>> jumped directly to a solution and then said can’t be done.
>>
>> No, I discussed the two paths from the POM: -sources and <scm/>
>
> My mistake, sorry.
>
>>> There is a critical need for this inside businesses as well as Debian (how
>>> do we know that "org.foobar:baz:1.2.3:jar" is MIT as it claims and doesn’t
>>> contain some GPL Code.
>>
>> Which is a fine reason to contribute it Maven 4 where the POM could contain
>> the necessary metadata to enable it.
>
> This shouldn't prohibit something using what exists now.
>
> One commercial company has done something for some subset of artifacts -
> which may have been entirely human process/mixed or automated.
>
Just to clarify some aspects of this:

- there is no expectation that the project will build 100% of artifacts
  that are available in the Central Repository - just being able to build
  20% of them would still be helpful

- it is expected that some projects will need manual clues to build - for
  example, if some project contains two binary JARs in GitHub, and if they
  don't have clues about where to find source, the system will display a
  report (including the names of classes in the JARs) and the user will be
  able to tell it where to look and then the automated stuff continues. It
  will always keep trying to go as far as it can automatically and then
  display a list of all things that need manual help so the user can
  address them all in a batch.

- I wasn't anticipating a dependency on -source JARs, although the toolkit
  that I am proposing may well try to build from them if it has nothing
  else (but without any expectation that they will build)

- automatically submitting the packages to Debian is probably out of the
  question for now. However, the feedback from such a system would make it
  much easier for a Debian user to create packages in their local
  repository. It would also make it easier for Debian Developers (or Ubuntu
  or Fedora developers) to look at bigger Java projects with multiple JARs
  and decide if they are suitable for official uploads to a distribution.
  It would do some of the leg work for us (stripping out binary artifacts
  and building the re-packaged source tarballs that we need sometimes) and
  then we would still put in the finishing touches manually to make a
  package that is official.
