Re: [gentoo-user] gradle as source? How safe are overlays?

2023-10-16 Thread n952162 

That's what I was afraid of hearing  ;-)


On 10/16/23 22:54, Michael Orlitzky wrote:

On Mon, 2023-10-16 at 21:29 +0200, n952162 wrote:

Why might it only be in an overlay?

Because it bundles 100+ other packages. That is inherently a security
risk, although plenty of people use Windows and install all of their
software that way and are perfectly happy on those days of the year
when their documents aren't encrypted by ransomware.

Re: [gentoo-user] gradle as source? How safe are overlays?

2023-10-16 Thread Michael Orlitzky 
On Mon, 2023-10-16 at 21:29 +0200, n952162 wrote:
> Why might it only be in an overlay?

Because it bundles 100+ other packages. That is inherently a security
risk, although plenty of people use Windows and install all of their
software that way and are perfectly happy on those days of the year
when their documents aren't encrypted by ransomware.

Re: [gentoo-user] gradle as source? How safe are overlays? [resend]

2023-10-16 Thread n952162 

On 10/16/23 21:30, Viktar Patotski wrote:

Usually all gradle projects contain gradle wrappers (gradlew.bat and
gradlew.sh). If you have them, you just need Java and run: ./gradlew build




Yes, that was the case with f-droid/sms-ie-master, totally easy. But not
for f-droid/mupdf, unfortunately.  But I read that it's easy enough to
generate a gradlew - if you have gradle ...

Re: [gentoo-user] gradle as source? How safe are overlays?

2023-10-16 Thread Viktar Patotski 
Usually all gradle projects contain gradle wrappers (gradlew.bat and
gradlew.sh). If you have them, you just need Java and run: ./gradlew build

Viktar

On Mon, Oct 16, 2023 at 9:29 PM n952162  wrote:

> In order to build an android app, I need gradle.  Apparently, there's
> only a binary version in gentoo, dev-java/gradle-bin, but there's a
> source version in the mva overlay.  Why might it only be in an overlay?
>
> This link:
>
> https://wiki.gentoo.org/wiki/Gradle#Availability
>
> links to:
>
> https://github.com/msva/mva-overlay/tree/master/dev-java/gradle
>
> containing 3 files, none of which is 100 lines.
>
> If that's all it takes, why not be part of the distribution?
>
> TIA
>
>
>
>

[gentoo-user] gradle as source? How safe are overlays?

2023-10-16 Thread n952162 

In order to build an android app, I need gradle.  Apparently, there's
only a binary version in gentoo, dev-java/gradle-bin, but there's a
source version in the mva overlay.  Why might it only be in an overlay?

This link:

https://wiki.gentoo.org/wiki/Gradle#Availability

links to:

https://github.com/msva/mva-overlay/tree/master/dev-java/gradle

containing 3 files, none of which is 100 lines.

If that's all it takes, why not be part of the distribution?

TIA