[kobold at debian.org: The future of Zope{2, 3} and Plone in Debian and Ubuntu]
Jonas Meurer
jonas at freesources.org
Mon Sep 21 09:41:20 UTC 2009
hey,
On 20/09/2009 Matthias Klose wrote:
> On 20.09.2009 16:45, Jonas Meurer wrote:
> >if i got it right then packaging the dependencies as seperate packages
> >isn't an option for zope2.12, we'll have to include them within the
> >zope2.10 source tarball. the reason for that is, that zope2.12 requires
> >particular versions of the dependencies, and doesn't build even if minor
> >versions aren't correct.
>
> this is the usual answer from an upstream with more than 50
> dependencies. From my experience this based on the fact that
> upstream only wants to test and certify one configuration, and
> doesn't take responsibility for anything else. On the other hand a
> distribution tries to minimize the duplicate code in its
> distribution, and applies patches to packages to make these work.
> Look at OpenOffice, eclipse, etc. zope is not different. It's up to
> you as a packager to decide what you can maintain, and where you do
> want to duplicate sources.
while i agree with you that duplicated code is bad security wise i fear
that we would have to hack upstream zope2.12 code in order to build with
different versions of the dependencies than requested upstream.
i already discussed that with kobold some weeks ago on irc, and he said
that this is different for zope3, where no particular versions of the
dependencies are required.
i would be ok with seperate source packages for all zope2.12
dependencies in case that this doesn't cause more harm than good. on the
other hand much dependencies are only required for zope2.12 so far, so
it might not be worth the effort to package them as seperate source
package.
maybe we could distribute these only-zope2.12-dependencies within the
zope2.12 tarball, and build-depend on seperate source packages for
dependencies that are useful for zope3 etc. as well.
> >>I do not want to wait with the removal of python2.4 from unstable
> >>for too long, I think a short time without zope2.x in unstable is
> >>ok, while having three python2.x versions is too much. But it looks
> >>like zope2.12 based on python2.5 or python2.6 is doable for squeeze.
> >
> >i didn't know that packaging zope2.12 is that timeconsuming at the time
> >that i proposed to wait with removing python2.4 from unstable. so no
> >objections against removal of pyhton2.4/zope2.10/zope2.11 from my side
> >any longer.
>
> ok, I'll file a request for removal next week; zope2.x was the last
> package absolutely needing python2.4.
great, thanks for your work.
greetings,
jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20090921/140eb832/attachment.pgp>
More information about the pkg-zope-developers
mailing list