Recommended way to install Rubygems
in [Ruby]
|
From: Lucas Nussbaum on 18 Mar 2010 19:07 On 19/03/10 at 06:44 +0900, John W Higgins wrote: > Good Afternoon, > > On Thu, Mar 18, 2010 at 1:07 PM, Lucas Nussbaum <lucas(a)lucas-nussbaum.net>wrote: > > > With ruby libraries: > > - it is usually difficult to find a usable source. Sometimes we have to > > extract the gem and convert it to a tgz. We also have a service > > (githubredir.debian.net) that allows us to fetch a specific tag on > > github as a .tgz. > > > > I'm rather confused by this - a gem file (at least as far as I can find) > contains two files data.tar.gz and metadata.tar.gz within the tar.gz shell > of the .gem file - what exactly is the issue with that layout? Is there > something specific that this doesn't provide you that is of great > importance? It's just extra work. Also, if I remember correctly, the dates in the data.tar.gz file are incorrect because of a missing feature in the pure-ruby tar implementation in rubygems. > > - then we often have to modify the source, to remove the calls to > > "require 'rubygems'" > > > > I'm pretty sure that's a one liner for 99.9% of cases and I really don't > think is necessary - you really should look at how Gentoo installs gems > because we get the benefit of both "manually" installing a package as well > as full integration within RubyGems (for example gem list --local shows all > gems installed via portage and well as gem install). If there is no ebuild > file we can infact turn to emerge-gem to take a gem file and create an > ebuild (including full dependency checks from the gem itself). Does it work > every single time - nope - but it seems like a huge improvement over what is > going on with Debian at the moment. > > > - then we have to find a way to install the files. If the directory > > structure uses the setup.rb standard (bin/, lib/, etc...), then it's > > easy, and we use our own copy of setup.rb to install everything. > > But some libraries don't ship the files in a very organized way. > > Again, you keep seeming to want to continue to take shot after shot at > developers when clearly it's an issue with the ability of Debian to have any > flexibility - again looking at Gentoo it somehow, in a very much automated > fashion, manages to handle all these wild and wacky libraries. > > In fact you might want to look at Gentoo as a way to create sources packages > because it seems to handle all your issues and will present a nice simple > tar.bz2 package of the files that might be much easier to work with in > regards to your need for standardization. And I'm truly not saying that to > be an idiot or anything - it really seems like Gentoo has solved the issues > you are having, at least with respect to getting the files into some form of > a constant layout which may be of great help to you. I agree that we could have a better infrastructure on the Debian side to deal with that, and automate many of the tasks. None of the problems are particularly hard, we just all lack time (and motivation to work on a somehow poisonous issue). I really think that, in the end, whether to plug into the gems system (like Gentoo does) or to leave it for manual installs by the user (like Debian does) is mainly a matter of taste. Btw, I see in the github portage tree that former versions for gems are apparently no longer available. How do you deal with gems that require a specific (ancient) version of another gem? -- | Lucas Nussbaum | lucas(a)lucas-nussbaum.net http://www.lucas-nussbaum.net/ | | jabber: lucas(a)nussbaum.fr GPG: 1024D/023B3F4F |
From: Lucas Nussbaum on 19 Mar 2010 02:59 On 19/03/10 at 13:20 +0900, Dido Sevilla wrote: > On Thu, Mar 18, 2010 at 11:02 PM, Lucas Nussbaum > <lucas(a)lucas-nussbaum.net> wrote: > > If, maybe, the Ruby community fixed the fact that it's illegal to load > > all of stdlib in the same process (because of OpenSSL vs GPL) > > http://www.openssl.org/support/faq.html#LEGAL2 > > "On many systems including the major Linux and BSD distributions, yes > (the GPL does not place restrictions on using libraries that are part > of the normal operating system distribution). " Full quote: "On other systems, the situation is less clear. Some GPL software copyright holders claim that you infringe on their rights if you use OpenSSL with their software on operating systems that don't normally include OpenSSL. If you develop open source software that uses OpenSSL, you may find it useful to choose an other license than the GPL, or state explicitly that "This program is released under the GPL with the additional exemption that compiling, linking, and/or using OpenSSL is allowed." If you are using GPL software developed by others, you may want to ask the copyright holder for permission to use their software with OpenSSL." Note that the FSF and Debian think that this is a problem. I'm not sure how the Ruby copyright is managed. If it is possible to change the license, I would suggest adding a GPL exemption clause (like wget did, for example), which would clarify the situation. From wget's README file: Additional permission under GNU GPL version 3 section 7 If you modify this program, or any covered work, by linking or combining it with the OpenSSL project's OpenSSL library (or a modified version of that library), containing parts covered by the terms of the OpenSSL or SSLeay licenses, the Free Software Foundation grants you additional permission to convey the resulting work. Corresponding Source for a non-source form of such a combination shall include the source code for the parts of OpenSSL used as well as that of the covered work. -- | Lucas Nussbaum | lucas(a)lucas-nussbaum.net http://www.lucas-nussbaum.net/ | | jabber: lucas(a)nussbaum.fr GPG: 1024D/023B3F4F |
From: Brian Candler on 19 Mar 2010 05:16 Austin Ziegler wrote: > Lawyers will agree that there's a distribution incompatibility since > the GNU GPL doesn't permit attribution requirements and OpenSSL > requires it under two different licences. If Debian are worried about infringement, then who do they think is going to sue them? (1) The OpenSSL copyright holders? http://www.openssl.org/support/faq.html#LEGAL2 Clearly, they see it as an issue of the GPL holders needing to extend their licence, not OpenSSL intending to restrict what GPL authors do. 'If you develop open source software that uses OpenSSL, you may find it useful to choose an other license than the GPL, or state explicitly that "This program is released under the GPL with the additional exemption that compiling, linking, and/or using OpenSSL is allowed."' Anyway, if the OpenSSL licence requires attribution, surely that applies only to OpenSSL itself? Do people think that it is viral in the way that the GPL is viral? (2) The Ruby/FreeRADIUS/etc people? Their code explicitly does things like #include <openssl.h>. It is quite obviously intended to be used and linked with OpenSSL. They might be worried if someone tried to redistribute Ruby+OpenSSL under a single combined licence which was more restrictive than the GPL. But Debian isn't doing that; they aggregate a whole load of software, each distributed under its own licence. Is there an all-encompassing "Debian Licence"? I didn't think so, and I wouldn't use Debian/Ubuntu if I discovered there were. -- Posted via http://www.ruby-forum.com/.
From: Lucas Nussbaum on 19 Mar 2010 06:13 On 19/03/10 at 18:16 +0900, Brian Candler wrote: > Austin Ziegler wrote: > > Lawyers will agree that there's a distribution incompatibility since > > the GNU GPL doesn't permit attribution requirements and OpenSSL > > requires it under two different licences. > > If Debian are worried about infringement, then who do they think is > going to sue them? > > (1) The OpenSSL copyright holders? [..] > (2) The Ruby/FreeRADIUS/etc people? [..] You shouldn't assume that because someone is very friendly now, it will always be the case. There has been several occurrences of people or groups changing their mind, because, for a example, a company was bought by another one with a less friendly position. Note that Freeradius has a exception for OpenSSL in src/LICENSE.openssl. Ruby doesn't AFAICS. > They might be worried if someone tried to redistribute Ruby+OpenSSL > under a single combined licence which was more restrictive than the GPL. > But Debian isn't doing that; they aggregate a whole load of software, > each distributed under its own licence. Is there an all-encompassing > "Debian Licence"? I didn't think so, and I wouldn't use Debian/Ubuntu if > I discovered there were. There isn't. -- | Lucas Nussbaum | lucas(a)lucas-nussbaum.net http://www.lucas-nussbaum.net/ | | jabber: lucas(a)nussbaum.fr GPG: 1024D/023B3F4F |
From: Brian Candler on 19 Mar 2010 07:22
Lucas Nussbaum wrote: > Note that Freeradius has a exception for OpenSSL in src/LICENSE.openssl. Ah, that's pretty recent, thanks for pointing it out. I look forward to an EAP-capable freeradius out of the box. > Ruby doesn't AFAICS. Has it been requested? -- Posted via http://www.ruby-forum.com/. |