Bug#789485: jruby: Don't bundle all jruby dependencies inside jruby-core jar file
Miguel Landaeta
nomadium at debian.org
Sun Jun 21 16:23:40 UTC 2015
On Sun, Jun 21, 2015 at 04:38:24PM +0200, Emmanuel Bourg wrote:
>
Hi Emmanuel,
> It looks like the embedded dependencies are also relocated under the
> org.jruby namespace. Removing them could lead to incompatibilities with
> applications importing them.
That's right, I don't intend to diverge from upstream on this,
especially since this is a complex package. Although, this is a bug
that should be documented until is fixed (at upstream, but I see it
unlikely anyway).
> I'd rather document the inclusion with a Built-Using field rather than
> diverging from upstream.
Thanks for the pointer, I don't maintain any package using this field
so I have to document myself about it first.
Question: let's say jruby embeds a copy of libasm4-java and we
document this with Built-Using: libasm4-java (= 5.0.4-1) but in the
future, a security vulnerability is reported and fixed in
libasm4-java 5.0.4-2.
Is jruby going to FTBFS in sid when libasm4-java or any of the
embedded libraries get updated and the version using during last time
is not available anymore?
Cheers,
--
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
"Faith means not wanting to know what is true." -- Nietzsche
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20150621/a2d33f1d/attachment.sig>
More information about the pkg-java-maintainers
mailing list