Posted to dev@cocoon.apache.org by Bertrand Delacretaz <bd...@apache.org> on 2004/03/12 07:47:03 UTC

Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

On Thursday, 11 March 2004, at 23:06 Europe/Zurich, Paul Russell wrote:

> On 10 Mar 2004, at 19:51, Steven Noels wrote:
>> (OT for the non-ASF folks:) You seem to suggest that inclusion of 
>> non-ASL-licensed library dependencies inside ASF distributions should 
>> be deprecated, favoring a CPAN or FreeBSD ports -like mechanism 
>> instead. This will definitely lower the ease of use for end-users, 
>> which have been complaining already that we don't ship a binary 
>> distribution of Cocoon, let alone that we would ship a download which 
>> requires them to either hunt down additional packages themselves, or 
>> have an internet connection when installing Cocoon.
>
> ... which brings me around to something I've been pondering for a 
> while. Since Cocoon is a bit of a 'hub' in the open source world, it 
> brings together a stack of external libraries. Including these in the 
> core source distribution is clunky and painful for everyone. Have we 
> considered using Maven or similar to help manage these dependencies? 
> ....

Sounds like the way to go, intelligently downloading dependencies from 
some non-ASF repository should solve most, maybe all of the licensing 
problems, and help make Cocoon more lightweight for many uses.

IIRC last time this was discussed the debate quickly moved to a heated 
discussion on the relative merits of Maven and other similar tools - if 
we're going to discuss this again, we must be careful to focus on the 
goals rather than on the tools!

-Bertrand


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Torsten Curdt <tc...@vafer.org>.
> Yep. And we should also think about the users of our users: can they be 
> expected to go through the same download-on-demand scenario before even 
> taking a quick look whether Cocoon fits their bill?

Is it really much more complicated to download?
It does not have to be always on demand...

Let's assume we distribute

  cocoon-2.whatever-src.tgz

without any external jars and we have a
repository with each individual jar.

  rhino.jar
  itext.jar
  jetty.jar
  ....

If we could (are allowed) to provide an archive
for convenience,

   cocoon-2.whatever-dependencies.tgz

We'd only have *two* instead of one downloads.

After the download you have all dependencies
on disk. The download-on-demand system should
utilize the archive and no further downloads-on-demand
are necessary since everything is already there.

IMO this should not make much of a difference
for anyone who wants to try Cocoon.
--
Torsten


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Steven Noels <st...@outerthought.org>.
On 12 Mar 2004, at 09:05, Ugo Cei wrote:

> Reinhard Pötz wrote:
>> And instead of investing too much time in all those things we should 
>> make CocoonBlocks become reality ASAP because they will solve those 
>> dependencies very elegantly.
>
> I'd say *most* of those dependencies, but not all of them. Flowscript 
> is part of the core, for instance.

Yep. And we should also think about the users of our users: can they be 
expected to go through the same download-on-demand scenario before even 
taking a quick look whether Cocoon fits their bill?

</Steven>
-- 
Steven Noels                            http://outerthought.org/
Outerthought - Open Source Java & XML            An Orixo Member
Read my weblog at            http://blogs.cocoondev.org/stevenn/
stevenn at outerthought.org                stevenn at apache.org


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Reinhard Pötz <re...@apache.org>.
Carsten Ziegeler wrote:

>Reinhard Pötz wrote:
>
>>And instead of investing too much time in all those things we should
>>make CocoonBlocks become reality ASAP because they will solve those
>>dependencies very elegantly.
>
>Yes, but imho we need a solution for 2.1.x as well. If we would
>wait for blocks we could not do another 2.1.x release.

Good point. Let's wait on the results of the current discussions and 
then we can decide.

-- 
Reinhard


RE: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Carsten Ziegeler <cz...@s-und-n.de>.
Reinhard Pötz wrote:
>
> And instead of investing too much time in all those things we should
> make CocoonBlocks become reality ASAP because they will solve those
> dependencies very elegantly.

Yes, but imho we need a solution for 2.1.x as well. If we would
wait for blocks we could not do another 2.1.x release.

Carsten


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Reinhard Pötz <re...@apache.org>.
Ugo Cei wrote:

> Reinhard Pötz wrote:
>
>> And instead of investing too much time in all those things we should 
>> make CocoonBlocks become reality ASAP because they will solve those 
>> dependencies very elegantly.
>
>
> I'd say *most* of those dependencies, but not all of them. Flowscript 
> is part of the core, for instance.
>
>     Ugo
>
>
Yes, that's true. But we have also thought about modularizing Cocoon 
core (see Cocoon modules) - e.g. different environments - and if 
*licences* make it necessary we can also have a flowscript module.

-- 
Reinhard


Re: Using Maven (or something similar) for dependencies?

Posted by Stefano Mazzocchi <st...@apache.org>.
Ugo Cei wrote:

> Reinhard Pötz wrote:
> 
>> And instead of investing too much time in all those things we should 
>> make CocoonBlocks become reality ASAP because they will solve those 
>> dependencies very elegantly.
> 
> 
> I'd say *most* of those dependencies, but not all of them. Flowscript is 
> part of the core, for instance.

very true, real blocks are not enough.

We need two systems: a higher level one (real blocks) and a lower level 
one (jars).

There are two ways of doing a package distributor:

  1) package it yourself [rpm,deb,war]
  2) provide metadata and tools [port,gentoo]

I came to the conclusion (also after working with gump for a while) that 
2) is the way to go. [thanks to Pier for opening my eyes on this!]

but the painful thing is that not all jars are distributable standalone 
for legal reasons.

-- 
Stefano.


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Ugo Cei <u....@cbim.it>.
Reinhard Pötz wrote:
> And instead of investing too much time in all those things we should make 
> CocoonBlocks become reality ASAP because they will solve those 
> dependencies very elegantly.

I'd say *most* of those dependencies, but not all of them. Flowscript is 
part of the core, for instance.

	Ugo



Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Reinhard Pötz <re...@apache.org>.
Bertrand Delacretaz wrote:

> On Thursday, 11 March 2004, at 23:06 Europe/Zurich, Paul Russell wrote:
>
>> On 10 Mar 2004, at 19:51, Steven Noels wrote:
>>
>>> (OT for the non-ASF folks:) You seem to suggest that inclusion of 
>>> non-ASL-licensed library dependencies inside ASF distributions 
>>> should be deprecated, favoring a CPAN or FreeBSD ports -like 
>>> mechanism instead. This will definitely lower the ease of use for 
>>> end-users, which have been complaining already that we don't ship a 
>>> binary distribution of Cocoon, let alone that we would ship a 
>>> download which requires them to either hunt down additional packages 
>>> themselves, or have an internet connection when installing Cocoon.
>>
>>
>> ... which brings me around to something I've been pondering for a 
>> while. Since Cocoon is a bit of a 'hub' in the open source world, it 
>> brings together a stack of external libraries. Including these in the 
>> core source distribution is clunky and painful for everyone. Have we 
>> considered using Maven or similar to help manage these dependencies? 
>> ....
>
>
> Sounds like the way to go, intelligently downloading dependencies from 
> some non-ASF repository should solve most, maybe all of the licensing 
> problems, and help make Cocoon more lightweight for many uses.
>
> IIRC last time this was discussed the debate quickly moved to a heated 
> discussion on the relative merits of Maven and other similar tools - 
> if we're going to discuss this again, we must be careful to focus on 
> the goals rather than on the tools!
>
> -Bertrand
>

Yep, the discussion is not Maven yes or not but do we want to distribute 
Cocoon as a complete package or not. I would prefer having a complete 
distribution (as long as it is possible from a legal POV) because it 
*is* easier for our users.

And instead of investing too much time in all those things we should make 
CocoonBlocks become reality ASAP because they will solve those 
dependencies very elegantly.

-- 
Reinhard


RE: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Carsten Ziegeler <cz...@s-und-n.de>.
Reinhard Pötz wrote:
> 
> Stephan Michels wrote:
> 
> >On Fri, 12.03.2004 at 07:47, Bertrand Delacretaz wrote:
> >
> >>Sounds like the way to go, intelligently downloading dependencies from
> >>some non-ASF repository should solve most, maybe all of the licensing
> >>problems, and help make Cocoon more lightweight for many uses.
> >>
> >>IIRC last time this was discussed the debate quickly moved to a heated
> >>discussion on the relative merits of Maven and other similar tools -
> >>if we're going to discuss this again, we must be careful to focus on
> >>the goals rather than on the tools!
> >
> >You don't need to migrate to maven to have the automatic download
> >mechanism, see Ruper(http://krysalis.org/ruper/). Should be easy to
> >integrate into the existing build system. I think this is the way to
> >go.
> >
> Or maybe Ant-get is enough 
> (http://ant.apache.org/manual/CoreTasks/get.html)
> 
We have to fetch only those jars that aren't allowed in our CVS.
I think the first step should be to list those jars and then we
can see what we can do with each of them. And downloading them
during the build should be imho the last option.

So, do we have a list?

Carsten


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Reinhard Pötz <re...@apache.org>.
Stephan Michels wrote:

>On Fri, 12.03.2004 at 07:47, Bertrand Delacretaz wrote:
>
>>Sounds like the way to go, intelligently downloading dependencies from 
>>some non-ASF repository should solve most, maybe all of the licensing 
>>problems, and help make Cocoon more lightweight for many uses.
>>
>>IIRC last time this was discussed the debate quickly moved to a heated 
>>discussion on the relative merits of Maven and other similar tools - if 
>>we're going to discuss this again, we must be careful to focus on the 
>>goals rather than on the tools!
>
>You don't need to migrate to maven to have the automatic download
>mechanism, see Ruper(http://krysalis.org/ruper/). Should be easy to
>integrate into the existing build system. I think this
>is the way to go.

Or maybe Ant-get is enough (http://ant.apache.org/manual/CoreTasks/get.html)

-- 
Reinhard


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Stephan Michels <st...@apache.org>.
On Fri, 12.03.2004 at 07:47, Bertrand Delacretaz wrote:
>
> Sounds like the way to go, intelligently downloading dependencies from 
> some non-ASF repository should solve most, maybe all of the licensing 
> problems, and help make Cocoon more lightweight for many uses.
> 
> IIRC last time this was discussed the debate quickly moved to a heated 
> discussion on the relative merits of Maven and other similar tools - if 
> we're going to discuss this again, we must be careful to focus on the 
> goals rather than on the tools!

You don't need to migrate to maven to have the automatic download
mechanism, see Ruper(http://krysalis.org/ruper/). Should be easy to
integrate into the existing build system. I think this
is the way to go.

Stephan.


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Stefano Mazzocchi <st...@apache.org>.
Geoff Howard wrote:

> Yes, that's the point indeed.  ASL is supposed to be a business-friendly 
> license.  If Cocoon uses distribution-time tricks to technically comply 
> with the ASL but in the process nullifies its intent for some users, we 
> have failed IMO.

Geoff, we already comply with the license.

It's just that Brian is afraid that the ASF can be sued back for 
"unfaithful labelling" if some of our users is sued because they thought 
that "everything" was simply under the ASF license.

I personally think that if there is a problem of "unfaithful labeling" 
we just have to clarify the label, not stop selling the product entirely!

but I'm not who decides these things and I'm not a lawyer.

-- 
Stefano.


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Torsten Curdt <tc...@vafer.org>.
> Is a company using Cocoon to deliver web applications redistributing 
> Cocoon? (yes, I think).

That's the question! I'd say no ...as long as you
don't bundle it and sell it as part of your software
removing the license or the like.

But AFAIU you may use those (for us) problematic
jars in your project. But hell - I am no lawyer.

> Then from what I can tell, a good portion of 
> even our own committers, not to mention people on the users list would 
> have a problem.

Of course that would give a different picture.

>> If it's really a problem for the ones distributing is still
>> the question anyway (I doubt it) But this way it's not the
>> ASF that would have to take the responsibility for that.
>>
>> I guess that's the point
> 
> Yes, that's the point indeed.  ASL is supposed to be a business-friendly 
> license.  If Cocoon uses distribution-time tricks to technically comply 
> with the ASL but in the process nullifies its intent for some users, we 
> have failed IMO.

Sure I hear what you are saying ...but
may those users use the jars for their
projects if they were downloading them
by themselves?

If yes - this is only a trick to circumvent
the redistribution clause. If not - they
may not use them anyway. And hiding this behind
the ASL doesn't make it any better.

Especially for the ASF!

cheers
--
Torsten


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Geoff Howard <co...@leverageweb.com>.
Torsten Curdt wrote:

>>> Isn't this missing the whole point of the current licensing 
>>> discussion?  If we cook up a system that allows us to create and 
>>> distribute cocoon but that product now cannot be used to build a 
>>> commercial application without questions of further license 
>>> requirements (source code availability, etc.) have we served our 
>>> users well?
>>
>>
>>
>> That's exactly the problem I have with this library system. Isn't 
>> Apache stuff that common because of its ease of use? I don't want to 
>> do license checking for every dependent project I get from somewhere. 
>> Moving this to the users is just a poor move and should be avoided if 
>> possible. It's not just about downloading one more JAR.
>
>
> Well, AFAIU they will only run into the same legal hassle if
> they try to *redistribute* cocoon as a whole!! So no problem
> for the simple user.


Is a company using Cocoon to deliver web applications redistributing 
Cocoon? (yes, I think).  Then from what I can tell, a good portion of 
even our own committers, not to mention people on the users list would 
have a problem.

> If it's really a problem for the ones distributing is still
> the question anyway (I doubt it) But this way it's not the
> ASF that would have to take the responsibility for that.
>
> I guess that's the point


Yes, that's the point indeed.  ASL is supposed to be a business-friendly 
license.  If Cocoon uses distribution-time tricks to technically comply 
with the ASL but in the process nullifies its intent for some users, we 
have failed IMO.

Geoff

Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Torsten Curdt <tc...@vafer.org>.
>> Isn't this missing the whole point of the current licensing 
>> discussion?  If we cook up a system that allows us to create and 
>> distribute cocoon but that product now cannot be used to build a 
>> commercial application without questions of further license 
>> requirements (source code availability, etc.) have we served our users 
>> well?
> 
> 
> That's exactly the problem I have with this library system. Isn't Apache 
> stuff that common because of its ease of use? I don't want to do license 
> checking for every dependent project I get from somewhere. Moving this 
> to the users is just a poor move and should be avoided if possible. It's 
> not just about downloading one more JAR.

Well, AFAIU they will only run into the same legal hassle if
they try to *redistribute* cocoon as a whole!! So no problem
for the simple user.

If it's really a problem for the ones distributing is still
the question anyway (I doubt it) But this way it's not the
ASF that would have to take the responsibility for that.

I guess that's the point
--
Torsten


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Joerg Heinicke <jo...@gmx.de>.
On 12.03.2004 13:14, Geoff Howard wrote:

> Isn't this missing the whole point of the current licensing discussion?  
> If we cook up a system that allows us to create and distribute cocoon 
> but that product now cannot be used to build a commercial application 
> without questions of further license requirements (source code 
> availability, etc.) have we served our users well?

That's exactly the problem I have with this library system. Isn't Apache 
stuff that common because of its ease of use? I don't want to do license 
checking for every dependent project I get from somewhere. Moving this 
to the users is just a poor move and should be avoided if possible. It's 
not just about downloading one more JAR.

Joerg

Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Stefano Mazzocchi <st...@apache.org>.
Geoff Howard wrote:

> Bertrand Delacretaz wrote:
> 
>> Sounds like the way to go, intelligently downloading dependencies from 
>> some non-ASF repository should solve most, maybe all of the licensing 
>> problems, and help make Cocoon more lightweight for many uses.
>>
>> IIRC last time this was discussed the debate quickly moved to a heated 
>> discussion on the relative merits of Maven and other similar tools - 
>> if we're going to discuss this again, we must be careful to focus on 
>> the goals rather than on the tools!
> 
> 
> 
> Isn't this missing the whole point of the current licensing discussion?  
> If we cook up a system that allows us to create and distribute cocoon 
> but that product now cannot be used to build a commercial application 
> without questions of further license requirements (source code 
> availability, etc.) have we served our users well?

wait!

let's keep reasonable here, ok?

We are distributing cocoon today and it's *already* a legal hell to go 
thru to find out how to package cocoon in a commercial product and 
redistribute it. The cocoon *code* is licensed under the apache license, 
the libraries are licensed according to the /legal directory, as we 
specify in the README file.

Brian thinks that this is not enough and yields the false impression 
that *everything* is licensed under the apache license.

Not everybody agrees with him.

But due to the nature of cocoon, installations are just that: installations.

99% of our users do not redistribute cocoon as part of their system. 
They use it to provide a service. And, if they do redistribute cocoon as 
a part of their software, they will need to comply to *ALL* the licenses 
that we ship.

[but since we did the job for them to screen the compatibilities, they 
have to make sure that they comply to the other things, like IP and 
patent rights]

If we do not redistribute, say, Rhino, this makes it more obvious that 
they have to comply to the license because they have to download it 
themselves... but if we do it thru a package manager, well, it's the 
same thing.

IMHO, stopping distributing libraries under the MPL doesn't buy us 
nothing, the legal issues are all already there, we should just make it 
more obvious when the user downloads our distribution.

NOTE: legal issues are nasty with IP and patents anyway. Open source is 
not freeing you from living in the real world, unfortunately.

-- 
Stefano.


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Bertrand Delacretaz <bd...@apache.org>.
On Friday, 12 March 2004, at 13:14 Europe/Zurich, Geoff Howard wrote:

> Bertrand Delacretaz wrote:
>
>> Sounds like the way to go, intelligently downloading dependencies 
>> from some non-ASF repository should solve most, maybe all of the 
>> licensing problems, and help make Cocoon more lightweight for many 
>> uses.
>>
>> IIRC last time this was discussed the debate quickly moved to a 
>> heated discussion on the relative merits of Maven and other similar 
>> tools - if we're going to discuss this again, we must be careful to 
>> focus on the goals rather than on the tools!
>
>
> Isn't this missing the whole point of the current licensing 
> discussion?  If we cook up a system that allows us to create and 
> distribute cocoon but that product now cannot be used to build a 
> commercial application without questions of further license 
> requirements (source code availability, etc.) have we served our users 
> well? ...

There are several blocks already (fins for example) which cannot be 
distributed with Cocoon because of incompatible licenses, even though 
for many users these licenses wouldn't be a problem. This causes these 
components to get less visibility than they might deserve.

I think it can only serve Cocoon to have a mechanism where such 
"license-incompatible" stuff can be better integrated from our user's 
point of view.

IMO, allowing dependencies to be downloaded automatically from non-ASF 
sites would help in this respect, whatever the outcome of the current 
discussion about licensing is.

So I think it makes sense to discuss these matters (dependencies 
management and licensing issues) separately.

-Bertrand


Re: Using Maven (or something similar) for dependencies? (Was: Cocoon's Rhino+continuations fork)

Posted by Geoff Howard <co...@leverageweb.com>.
Bertrand Delacretaz wrote:

> Sounds like the way to go, intelligently downloading dependencies from 
> some non-ASF repository should solve most, maybe all of the licensing 
> problems, and help make Cocoon more lightweight for many uses.
>
> IIRC last time this was discussed the debate quickly moved to a heated 
> discussion on the relative merits of Maven and other similar tools - 
> if we're going to discuss this again, we must be careful to focus on 
> the goals rather than on the tools!


Isn't this missing the whole point of the current licensing discussion?  
If we cook up a system that allows us to create and distribute cocoon 
but that product now cannot be used to build a commercial application 
without questions of further license requirements (source code 
availability, etc.) have we served our users well? 

Geoff