On Fri, Mar 23, 2012 at 08:06:25AM -0400, Barry Hawkins wrote: > On 3/23/12 6:47 AM, Matthias-Christian Ott wrote: > >Hi, > > > >I have been assigned to a legacy Java project, which uses several messed > >up Ant buildfiles. I'm going to replace or clean up the build system as > >part of project maintainance. > > > >I read that Maven (similar to other language-specific package > >management software) has been a problem for Debian for a long time > >and that Debian struggles with the general Java software packaging > >mentality which often ignores system wide package managers. One of the > >goals for the project is to make software packaging and distribution > >easier and automatic. Gentoo and Fedora seem to support Maven and Ant, > >but prefer Ant. Is that also true for Debian? If so, are there any > >preferred build target naming conventions, like [1]? > > > >Regards, > >Matthias-Christian > > > >[1] https://wiki.apache.org/ant/TheElementsOfAntStyle > > I can tell you that of all the projects I have worked with for years > and all those my friends work with, I have yet to find anyone who > uses the Maven that is packaged with a distribution. The common > practice is to have Ant + Ivy, Maven, or Gradle + Ivy using a > repository outside the OS package management system's own packages. > Coupling a Java project to using the Java libraries packaged with > the current version of your operating system's offerings is > generally avoided, as you invariably need a library or a version of > a library that is not available.
This practice seems to be widespread, but I wonder what you do about security updates then. GNU/Linux distributions seem to either have enough man power and an organizational structure to do proper security updates or do rolling releases. If you hardcode the versions you can't do the later and it seems security updates aren't offered in the common Maven repositories. If you use Debian stable you have a long enough update cycle including security updates, so that should work once you packaged all your dependencies (the project I'm working on the dependency management consists putting years-old JAR files, some with unknown licensing status and origin, in directory). If you want to support multiple operating systems and distributions, the required effort will of course increase linearly. But looking at other programming languages (Python, Ruby, Perl, Lua, Haskell, JavaScript etc.) these language-specific package managers seem to become some kind of a problem, because many people seem to care less about system wide package managers (perhaps because they don't have one, as with Windows and Mac OS X) and about the operating system and the installed software as an integrated whole. Regards, Matthias-Christian -- To UNSUBSCRIBE, email to debian-java-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120323124119.GC2172@qp
