On 26 Nov 2010, at 13:22, Dirkjan Ochtman wrote: > On Fri, Nov 26, 2010 at 12:55, Jan Lehnardt <j...@apache.org> wrote: >> This breaks the basic requirement of not requiring networks access for >> an installation which I remember Noah is advocating. > > Well, with doing it in the build system I really meant something that > pulls them in for the tarball (or a tarball -- have one with, and one > without the deps). > >> I think we can agree on that packaging and distribution is a tricky >> business and that there are not general right or wrong ways of doing >> it, just different priorities for certain trade-offs. > > Certainly agreed, though I think that, if you're putting deps in your > version control tree, a certain effort is required to: > > (a) track how our version and upstream's compare, e.g. at the least > make clear which version or revision our version is based on (oauth > has none of this, apparently), and > > (b) spend quite some time making sure patches we need (or some > variant of them) go upstream (for example, I'm not seeing any upstream > issue about getting SSL into mochiweb -- maybe there has been other > contact).
I think handle both well (erlang_oauth has been neglected, but I'm working on updating it as we speak, it didn't progress much) and if you follow dev@ and commits@ you can clearly see that. As for SSL an Mochiweb, it got SSL first. We (Robert) just updated the bundled Mochiweb version and started using the new SSL APIs. It's not that we added SSL to Mochiweb and then didn't push it back (modulo what Robert just wrote about that patch). Cheers Jan -- > > Cheers, > > dirkjan
