Hello, according to the Apache Release Policy a release is the source and while it allows and defines convinience binaries there is not really a Notion of „official binaries“ from the ASF Point of view. So Maybe the new property should be something like „binary Vendor“ or „packager“ (similiar what many package Managers have?)
I think the number of additional support Problems because of distribution specific packages and the number of solved Problems by distributions doing a good Integration Job can not be clearly tallied. And therefore I would stay away from language like „modified“, „official“ to avoid those Groups to feel unwelcome (especially in the ASF spirit of open SOURCE). Gruss Bernd -- http://bernd.eckenfels.net Von: Michael Osipov Gesendet: Mittwoch, 13. Februar 2019 19:36 An: Maven Developers List; Robert Scholte; Dalibor Topic; Markus Koschany Cc: debian-java@lists.debian.org; Matthias Klose Betreff: Re: Fwd: FOSDEM 19 Debian Java talk Am 2019-02-12 um 20:09 schrieb Robert Scholte: > On Tue, 12 Feb 2019 12:34:56 +0100, Markus Koschany <a...@debian.org> wrote: > >> Hello, >> >> Dalibor Topic (Oracle) and Robert Scholte (Apache Maven) contacted me >> and were so kind to agree to make this discussion public, so that others >> can chime in too. I would like to use the opportunity to answer the >> initial question "what we are interested in seeing better supported from >> build tools" and give some general feedback about integrating Java into >> Debian. >> >> >> First of all Ant and Maven are most likely the best supported build >> systems at the moment. We carry only two patches for Maven, one because >> we use a newer version of SLF4j [1] and the second one is to make Maven >> builds reproducible. [2] It looks like [1] has been already merged >> upstream but [2] has not been forwarded yet. It would be great of >> course, if Maven builds would be reproducible out-of-the-box. In general >> I would like to see reproducible builds everywhere. > > Hi Markus, > > first of all thanks for the insights, it is important for us to know how > Maven is used and in which way we can improve that way-of-work. Hervé is > already working hard on the reproducible builds specs with your team in > order to find out how we can improve our maven-plugins to get > reproducible artifacts. > > Maven itself is not 100% reproducible. We've learned that some Linux > vendors rebuild Maven and the presentation confirmed that Debian is one > of those vendors. What we've seen in the past is that sometimes people > are having issues with Maven and after a while we discovered that they > were not using the official Apache Maven distribution[1]. For us it is > quite easy to say: sorry, not our official distribution, please contact > your Linux distributor. > In such case we have 3 losers: the user, the Apache Maven project and > the Linux Distributor. If only the official Maven distribution was used, > then we would have had 3 winners. > > When you decide to rebuild Maven, you're also taking all related > responsibilities. I'm also wondering how you build Maven, since Maven is > being built with Maven. That should be a challenge to also rebuild all > plugins, etc. > And how do you test this and confirm that it works as the official > distribution? > Sure, *IF* Maven is 100% reproducible then you can rely on our > test-infra, but that's not the situation. > > So here are my main questions: > - Are you making clear that you're not using the official Maven > distribution, e.g. by adjust the info from 'mvn --version'? I expressed my proposal to Hervé that we need a new property: maven.vendor. Our official distribution will carry the value: ASF. Everyone else who modifies the content must change the value in the build.properties. Thus, we will quickly know that this distro has been modified by someone else. Michael --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org For additional commands, e-mail: dev-h...@maven.apache.org
