Re: jruby in sid is pretty broken and is a key package. Help?

2020-12-23 Thread Sudip Mukherjee
On Wed, Dec 23, 2020 at 11:48 PM Markus Koschany wrote: > > Am Mittwoch, den 23.12.2020, 23:54 +0200 schrieb Adrian Bunk: > > > jruby > > -> libspring-java > > -> guice > > -> gradle > > -> maven > > > > We should try to break this dependency-chain. gradle and maven in Debian don

Re: jruby in sid is pretty broken and is a key package. Help?

2020-12-23 Thread Markus Koschany
Am Mittwoch, den 23.12.2020, 23:54 +0200 schrieb Adrian Bunk: > jruby > -> libspring-java > -> guice > -> gradle > -> maven > We should try to break this dependency-chain. gradle and maven in Debian don't really need jruby. Markus signature.asc Description: This is a digital

Re: jruby in sid is pretty broken and is a key package. Help?

2020-12-23 Thread Adrian Bunk
On Wed, Dec 23, 2020 at 10:44:11PM +0100, Markus Koschany wrote: >... > Am Mittwoch, den 23.12.2020, 16:15 -0500 schrieb Louis-Philippe Véronneau: >... > > Adrian Bunk says a large part of the Java ecosystem seems to > > transitively depend on jruby, so I guess all those things are Bad™. > > Is th

Re: jruby in sid is pretty broken and is a key package. Help?

2020-12-23 Thread Louis-Philippe Véronneau
On 2020-12-23 16 h 44, Markus Koschany wrote: >> Adrian Bunk says a large part of the Java ecosystem seems to >> transitively depend on jruby, so I guess all those things are Bad™. > > Is there a quick way to determine what is the "large part of the Java > ecosystem"? I don't think jruby is really

Re: jruby in sid is pretty broken and is a key package. Help?

2020-12-23 Thread Markus Koschany
Hi, Am Mittwoch, den 23.12.2020, 16:15 -0500 schrieb Louis-Philippe Véronneau: > Hello! > > While working on a Clojure package that depends on jruby, I noticed it's > in pretty bad shape: > > 1. it FTBFS (#959600) > > 2. it has a bunch of CVEs (#972230) > > 3. it doesn't run without declaring

jruby in sid is pretty broken and is a key package. Help?

2020-12-23 Thread Louis-Philippe Véronneau
Hello! While working on a Clojure package that depends on jruby, I noticed it's in pretty bad shape: 1. it FTBFS (#959600) 2. it has a bunch of CVEs (#972230) 3. it doesn't run without declaring a specific env var (#977979) 4. it loads gems from /usr/lib/ruby/vendor_ruby and it probably should

Re: Please be careful with Google Java packages

2020-12-23 Thread Hans-Christoph Steiner
Hear hear! Thanks for working on Bazel, looks like Android/AOSP is switching to Bazel, so we'll need it to build the Android Tools packages in the future. .hc Olek Wojnar: Fellow Java Maintainers, Due to the tight interdependencies between a number of the Google ecosystem Java packages t

Please be careful with Google Java packages

2020-12-23 Thread Olek Wojnar
Fellow Java Maintainers, Due to the tight interdependencies between a number of the Google ecosystem Java packages that Bazel depends on, could you please coordinate on here and on the Bazel team list (copied above) before team-uploading any of Bazel's dependencies[1]? I'm trying to avoid unantici