On Mon, Oct 5, 2015 at 12:57 AM, xor <x...@freenetproject.org> wrote: > > > - Maven/Gradle are now de-facto standard build systems for Java apps, > > and yet we're still using Ant (I was never convinced by the security > > argument against these tools, since we don't audit 3rd-party libraries > > anyway) > > There are 2 aspects here: > > 1) The security issue. >
Right, but it appears that solutions exist for this with Gradle. > 2) What can Maven do which Ant cannot do? Do we need those features? > Dependency management, and more importantly, Maven (and more recently Gradle) have become pretty-much industry standards, almost no new Java project uses Ant. If we want to attract new contributors, the fact that we have an outdated build system will be a turn-off for them. This yielded some nice ideas as prerequisites: > I don't see why either of these would be prerequisites. > > "Browser extension to indicate whether user is on Freenet or regular > Internet" > https://bugs.freenetproject.org/view.php?id=6687 > > "Bundle Tor with Freenet" > https://bugs.freenetproject.org/view.php?id=6689 > > I'm very happy that after all the years I finally got to think as far out > of > the box as it was necessary to suggest bundling Tor+Freenet: > The previous "How to tell users to decide whether to use Tor OR Freenet?" > thinking was too conservative. It should rather be "How can we make users > benefit from both Tor AND Freenet?". > They're quite complementary to each other after all: > Freenet provides anonymous access to decentralized sites, Tor does not. > Tor provides anonymous access to non-decentralized sites, Freenet does not. > Ship both, and users can access the "whole" Internet. > I really don't like this idea. I mean, couldn't the same reasoning be used to justify bundling almost anything with Freenet? Bitcoin? I2P? Where would you stop? And now we'd basically have to maintain a custom Tor installer, in addition to our existing installer. Pain all around, and for what? It's all downside. If someone wants to use both Freenet and Tor then they can download them individually, but I see no good reason to bundle two independent pieces of software just because they both solve related (but different) problems. Anyway, I hope we can agree on this: > - We can keep Ant unless we discover a feature in Maven which we must have; > and if we switch, we first must find a way to fix the security issues. > Here is the feature. A developer wants to work on Freenet, so they type: $ git clone g...@github.com:freenet/fred.git $ cd fred $ mvn assembly:assembly And now they've built a copy of Freenet. Is that the current experience for a new developer? I doubt it is, yet it is the experience for most contemporary Java projects. By not using a modern dependency management system we're creating a significant barrier to entry for new contributors to the code. Ian. -- Ian Clarke Founder, The Freenet Project Email: i...@freenetproject.org _______________________________________________ Devl mailing list Devl@freenetproject.org https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
