[php-maint] Packaging php-pear from PEAR
Mark A. Hershberger
mah at everybody.org
Mon Sep 24 01:28:53 UTC 2007
Steve Langasek <vorlon at debian.org> writes:
>> Is there any reason not to package this directly from Pear?
>
> Because it's already in the upstream php5 source package. Including a
> separate source package in the archive looks like unnecessary bloat.
>
> Is there any reason *to* package it directly from PEAR?
Forgive my ignorance, but wouldn't allowing Structure_Graph and
Archive_Tar (as well as any future PEAR dependencies) to be managed
separately from php-pear be the preferred way of doing things.
Wouldn't it be better to update a smaller source package (php-pear,
php-structure-graph, or php-archive-tar) if a security problem with one
of the PEAR modules was found instead of updating the whole php5 source
package?
While I understand the desire not to bloat archives with frivolous
packages, I think keeping PEAR packages separate will make management of
copyright and author attribution easier in the long run.
For example, the latest PEAR module pulls in Structures_Graph as a
dependency. This module is bundled in php-pear. The author is Sérgio
Carvalho (AFAICT, his only contribution to anything in the php5 source
package) and the module is licensed under the LGPL. Neither of these
facts are mentioned in the copyright file included in php-pear or in the
php5 package.
As the PEAR module grows and includes more dependencies over time the
problem of tracking authors and licenses for the various packages sucked
into the php5 build will only grow.
--
http://hexmode.com/
GPG Fingerprint: 7E15 362D A32C DFAB E4D2 B37A 735E F10A 2DFC BFF5
The most beautiful experience we can have is the mysterious.
-- Albert Einstein, The World As I See it
More information about the pkg-php-maint
mailing list