Packaging of Zope 2.12 in Debian

Jonas Meurer jonas at freesources.org
Thu Mar 10 12:38:39 UTC 2011 

Hello Gael,

On 10/03/2011 Gael Le Mignot wrote:
> For now, we  deploy the Zope 2.12 on Debian  Squeeze, using the Python
> packages from Squeeze  but then installing the Zope  and Plone through
> buildout. We are  not really happy with this  method, which cause lots
> of  duplication (we  have many  Zope  instances on  the same  server),
> painful  security updates,  forces us  to install  build chain  on all
> servers, ...
> 
> We would like to be able to do as we used to, that is, installing Zope
> all   the   Python   libraries    from   Debian,   and   having   only
> instance-specific produts  (including Plone,  at least on  first step)
> installed on a per-instance basis.

Michael Mulich (Cc'ed) already worked a lot on Zope2.12 packages in
Debian. You can find his development branch in the Debian pkg-zope svn
repository[1].
I just contacted him by  private mail some days ago regarding the same
topic, as I'm interested in Zope2.12 packages as well.

We agreed that an IRC meeting would be good to discuss the details about
Zope2 Debian packages. I suggested either the 18th/19th of March or the
15th/16th of April to him. He didn't respond yet.

Maybe you and your friend could attent to this IRC meeting as well, and
we manage to join our efforts in packaging Zope2.12+ for Debian.

I just created a Wiki page for that Meeting:
http://wiki.debian.org/Zope/Zope2IrcMeeting

Feel free to modify it and add your toughts.

Maybe everyone who's interested in the meeting could comment on the
proposed dates as well.

> For that, we would like to help packaging Zope 2.12 in Debian. With my
> friend Arnaud Fontaine (who is  a Debian Developper), we did a primary
> study  of all  the eggs  installed by  a vanilla  Zope 2.12  and their
> status.
> 
> The full status can be found at [1]. On the 89 eggs in total :
> 
> - 15 eggs  are packaged in Squeeze  with the version  required by Zope
>   2.12 ;
> 
> - 9 are packaged in Squeeze with more recent versions than Zope 2.12 ;
> 
> - 10 are packaged in Squeeze but with older versions ;
> 
> - 11  are not packaged  in Squeeze,  but packaged  in Ubuntu  with the
>   version required ;
> 
> - 23 are packaged in Ubuntu with more recent versions ;
> 
> - 1 is packaged un Ubuntu with older version ;
> 
> - 20 are not packaged in neither Debian nor Ubuntu.

There's a major problem with Zope eggs packaged as seperate packages:
most of them aren't backwards-compatible. Thus an upgrade to more recent
upstream version might break the Zope2.12 packages in case the API of
the egg/module changed.

On the other hand maintaining a huge monolitic Zope2.12 tarball with all
required eggs/dependencies inside is a horror-scenario regarding
security aspects. The Debian security team hates packages which maintain
local copies of libraries/modules/eggs/whatever for a good reason.

So I'm not sure about the best solution for Zope2.12 Debian packages.
Unfortunately I don't know enough details about the packaged eggs. Maybe
some of them actually provide backwards compability and thus can be used
by a Zope2.12 package, while others don't.

> To have  a fully  working zope  2.12 package on  Debian, here  are the
> steps that, according to us, should be done :
> 
> 1. Adapt the Ubuntu packages to Debian.
> 
> 2. Upgrade the versions of the packages that are too old.
> 
> 3.  Check, one by one, for  the packages that are too recent in Debian
>    or Ubuntu compared to Zope 2.12 if it is a problem or not.
> 
> 4. Package the 20 missing eggs.

see above.

> 5. Make a meta-package that installs the eggs and adapts dzhandle so
>    it can work with the new Zope packages.
> 
> Upload of  new packages will  of course go  to unstable, but  we would
> like to have them in squeeze-backports too once they are ready.
>
> Any comment on this plan ? Any  volunteer to help us ? Any idea on how
> to handle the more recent packages,  if they conflict with the rest of
> Zope 2.12 ?  And do you have any idea  what's Ubuntu maintainers plan,
> and how we could coordinate efforts with them ?

I don't know about Ubuntu Zope maintainers who have expressed interest
in Zope2 packages in the near past. But once a Debian Zope2 package is
in debian/unstable again, it will be merged to the Ubuntu development
repository for sure.

greetings,
 jonas

[1] http://svn.debian.org/wsvn/pkg-zope/zope2.12/branches/with-revived-tarball/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-zope-developers/attachments/20110310/0406e92a/attachment.pgp>

More information about the pkg-zope-developers mailing list