Note: sorry for the OT, but it's really interesting :-) Danny Angus wrote:
Ah, ok, good point. Using filenames is a reasonable possibility only if it's validated by the info in the manifest.Danny, it seems that you have a good idea of what you would like to see, could you give me some pointers, maybe an implementation idea? :-)
I don't think that I'm concerned with the repository *using* version information contained in the jars, if it keeps track externally and can return a file for a requiest containing name and version. The client should be able to tell whether or not a correctly named jar does or does not contain the intended library version. And furthermore that it can continue to tell even if the filename changes.
Of course this is what the manifest is supposed to do.
Yup.
What we need is a library management tool to allow shared libraries to be installed and maintained centrally by the JVM, this can be queried by application classloaders to discover the file containing the required version of the relevant package, the returned path would be added to the classloader.This is exactly what Ruper does, *except* for the confirmation step. I agree that we have to do it, thanks for the suggestion :-)
Then library installation would be a case of defining dependancies and pointing this tool at a URL containing jars for download.
If the version is found on the system no action is necessary,
otherwise;
Download the jar Confirm that the downloaded jar is indeed the expected version, Store it on the filesystem Provide classloaders with the path when they request the package version.
-ccing krysalis-dev for this-
Of course there are two immediate concerns,Yes, we are working on it in the sandbox with a Krysalis Version project. Currently the Ruper conventions seem reasonably strong enough (basically the Jakarta ones: name-major.minor.fix-?label-?date), but the Version project is for using diverse mechanisms and more robust ones.
1/ there is a requirement for strong names, whereby package names cannot collide.
2/ there is a security issue involved in allowing applications to access any installed library, even those not explicitly required by the application.
Could you please expand on this?
--
Nicola Ken Barozzi [EMAIL PROTECTED]
- verba volant, scripta manent -
(discussions get forgotten, just code remains)
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
