Hi Dave;

--- Tue 29/5/12, Dave Fisher <dave2w...@comcast.net> wrote:
...
> 
> There are issues with these embedded convenience packages.
> 
> (1) Some are Category B. An issue to some more than others.
> 
> (2) Some are patched versions of existing open-source
> packages. We should attempt to push these upstream. The
> COINMP patch looks trivial. We may need to have special
> builds, but we should be avoiding and removing.
> 
> (3) Some are specific versions of open-source packages. We
> should try to get official distributions and use a version
> at Apache Extras as a known version.
> 
> (4) Some are versions of Apache open-source packages. We
> should use the appropriate release or archive from the
> project.
> 
> 
> ext_sources dave$ ls -1
> 0168229624cfac409e766913506961a8-ucpp-1.3.2.tar.gz
> 067201ea8b126597670b5eff72e1f66c-mythes-1.2.0.tar.gz
> 0b49ede71c21c0599b0cc19b353a6cb3-README_apache-commons.txt
> 128cfc86ed5953e57fe0f5ae98b62c2e-libtextcat-2.2.tar.gz
> 17410483b5b5f267aa18b7e00b65e6e0-hsqldb_1_8_0.zip
> 1756c4fa6c616ae15973c104cd8cb256-Adobe-Core35_AFMs-314.tar.gz
> 18f577b374d60b3c760a3a3350407632-STLport-4.5.tar.gz
> 1f24ab1d39f4a51faf22244c94a6203f-xmlsec1-1.2.14.tar.gz
> 220035f111ea045a51e290906025e8b5-libpng-1.5.1.tar.gz
> 24be19595acad0a2cae931af77a0148a-LICENSE_source-9.0.0.7-bj.html
> 284e768eeda0e2898b0d5bf7e26a016e-raptor-1.4.18.tar.gz
> 2ae988b339daec234019a7066f96733e-commons-lang-2.3-src.tar.gz
> 2b5f1ca58d6ef30f18f1415b65bed81c-CoinMP-1.6.0.tgz
> 2c9b0f83ed5890af02c0df1c1776f39b-commons-httpclient-3.1-src.tar.gz
> 2f6ecca935948f7db92d925d88d0d078-icu4c-4_0_1-src.tgz
> 35efabc239af896dfb79be7ebdd6e6b9-gentiumbasic-fonts-1.10.zip
> 377a60170e5185eb63d3ed2fae98e621-README_silgraphite-2.3.1.txt
> 3b179ed18f65c43141528aa6d2440db4-serf-1.0.0.tar.bz2
> 3c219630e4302863a9a83d0efde889db-commons-logging-1.1.1-src.tar.gz
> 48470d662650c3c074e1c3fabbc67bbd-README_source-9.0.0.7-bj.txt
> 48a9f787f43a09c0a9b7b00cd1fddbbf-hyphen-2.7.1.tar.gz
> 48d8169acc35f97e05d8dcdfd45be7f2-lucene-2.3.2.tar.gz
> 61f59e4110781cbe66b46449eadac231-croscorefonts-1.21.0.tar.gz
> 63ddc5116488985e820075e65fbe6aa4-openssl-0.9.8o.tar.gz
> 666a5d56098a9debf998510e304c8095-apr-util-1.4.1.tar.gz
> 68dd2e8253d9a7930e9fd50e2d7220d0-hunspell-1.2.9.tar.gz
> 7376930b0d3f3d77a685d94c4a3acda8-STLport-4.5-0119.tar.gz
> 7740a8ec23878a2f50120e1faa2730f2-libxml2-2.7.6.tar.gz
> 7e4e73c21f031d5a4c93c128baf7fd75-apache-tomcat-5.5.35-src.tar.gz
> 97262fe54dddaf583eaaee3497a426e1-apr-1.4.5.tar.gz
> 980143f96b3f6ce45d2e4947da21a5e9-stax-src-1.2.0.zip
> 99d94103662a8d0b571e247a77432ac5-rhino1_7R3.zip
> a169ab152209200a7bad29a275cb0333-seamonkey-1.1.14.source.tar.gz
> a2c10c04f396a9ce72894beb18b4e1f9-jpeg-8c.tar.gz
> a7983f859eafb2677d7ff386a023bc40-xsltml_2.1.2.zip
> ada24d37d8d638b3d8a9985e80bc2978-source-9.0.0.7-bj.zip
> af3c3acf618de6108d65fcdc92b492e1-commons-codec-1.3-src.tar.gz
> b92261a5679276c400555004937af965-nss-3.12.6-with-nspr-4.8.4.tar.gz
> bc702168a2af16869201dbe91e46ae48-LICENSE_Python-2.6.1
> c441926f3a552ed3e5b274b62e86af16-STLport-4.0.tar.gz
> c735eab2d659a96e5a594c9e8541ad63-zlib-1.2.5.tar.gz
> ca66e26082cab8bb817185a116db809b-redland-1.0.8.tar.gz
> cf8a6967f7de535ae257fa411c98eb88-mdds_0.3.0.tar.bz2
> d35724900f6a4105550293686688bbb3-silgraphite-2.3.1.tar.gz
> e61d0364a30146aaa3001296f853b2b9-libxslt-1.1.26.tar.gz
> e81c2f0953aa60f8062c05a4673f2be0-Python-2.6.1.tar.bz2
> ea570af93c284aa9e5621cd563f54f4d-bsh-2.0b1-src.tar.gz
> ea91f2fb4212a21d708aced277e6e85a-vigra1.4.0.tar.gz
> ecb2e37e45c9933e2a963cabe03670ab-curl-7.19.7.tar.gz
> ee8b492592568805593f81f8cdf2a04c-expat-2.0.1.tar.gz
> f872f4ac066433d8ff92f5e316b36ff9-dejavu-fonts-ttf-2.33.zip
> fca8706f2c4619e2fa3f8f42f8fc1e9d-rasqal-0.9.16.tar.gz
> fcc6df1160753d0b8c835d17fdeeb0a7-boost_1_39_0.tar.gz
> fdb27bfe2dbe2e7b57ae194d9bf36bab-SampleICC-1.3.2.tar.gz
> 
> Do we seriously need to carry our own version of Python
> 2.6.1? Aren't the Adobe Base 35 AFMs good for all? There
> must be a common location.
>

FreeBSD and most Linux distributions have been moving
towards using prepackaged versions of this stuff when
possible. I have been updating some of these packages
attempting not to break the API but I am far from over.
The main reason why we don't just use prepackaged stuff
for everything and throw stuff like Python 2.6.1 away
is that it is not practical for Windows (which is
the major platform). Our Python is severely patched
for other platforms and those patches have taken a lot
of time to update even for a minor version update.

The problem with Category B is that according to
Apache Policies we shouldn't be carrying the sources
but instead we should carry links to the sources in
the NOTICE file. For 3.4 we didn't comply
(embarrassingly the COIN-OR guys noted this!).

The idea is that we should be using unmodified binaries
so carrying fonts and java bytecode would be OK, but
carrying tarballs with sources was not really intended.

In the case of NSS and Seamonkey, our versions are
way too outdated: I think the Seamonkey version we
carry is not even available online anymore and
there are known security risks.

Pedro.
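
Added example (not part of the original thread, and not the project's build tooling): an audit of a bundled-source directory such as the ext_sources listing quoted above. It assumes the 32-hex prefix of each file name is the MD5 of the file's content; the function names and the stem heuristic are this example's own.

```python
import hashlib
import re
from collections import defaultdict
from pathlib import Path

# Naming pattern visible in the listing: 32 hex characters, "-", original file name.
NAME_RE = re.compile(r"^([0-9a-f]{32})-(.+)$")
# Package stem = everything before the first "-" or "_" that precedes a digit.
STEM_RE = re.compile(r"^(.+?)[-_](?=\d)")

def split_name(filename):
    """Return (hex_prefix, upstream_name), or None when the name has no prefix."""
    m = NAME_RE.match(filename)
    return (m.group(1), m.group(2)) if m else None

def audit_dir(directory):
    """Map each file in the directory to "ok", "mismatch" or "unprefixed"."""
    # Assumption: the prefix is the MD5 of the file content. MD5 catches corruption
    # or a swapped file only; it is no defence against a crafted replacement.
    report = {}
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        parts = split_name(path.name)
        if parts is None:
            report[path.name] = "unprefixed"
            continue
        actual = hashlib.md5(path.read_bytes()).hexdigest()
        report[path.name] = "ok" if actual == parts[0] else "mismatch"
    return report

def multi_version(filenames):
    """Return {stem: [upstream names]} for packages bundled more than once."""
    groups = defaultdict(list)
    for name in filenames:
        parts = split_name(name)
        stem = STEM_RE.match(parts[1]) if parts else None
        if stem:
            groups[stem.group(1)].append(parts[1])
    return {k: v for k, v in groups.items() if len(v) > 1}

# Four names copied from the ext_sources listing quoted above.
SAMPLE = [
    "18f577b374d60b3c760a3a3350407632-STLport-4.5.tar.gz",
    "63ddc5116488985e820075e65fbe6aa4-openssl-0.9.8o.tar.gz",
    "7376930b0d3f3d77a685d94c4a3acda8-STLport-4.5-0119.tar.gz",
    "c441926f3a552ed3e5b274b62e86af16-STLport-4.0.tar.gz",
]
```

Calling multi_version(SAMPLE) groups the three STLport archives under one stem, and audit_dir() can be pointed at a local checkout's ext_sources directory.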

