Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [orbit-dev] Impact for Orbit of recent PDE and Tycho extensions to consume Maven libs directly?

Adding the about/ip information shouldn't be a problem as the IPzilla issue id could be simply typed in a field when adding the m2 dependency. A drawback could be here, that each user needs to resolve all necessary ids by his/her own. That's a benefit of using Orbit.

A question would be, where the about.html/about_files are located? They are not available on Maven central, am I right? Locally? Couldn't that lead to a duplication and probably incorrect entries? The benefit of Orbit is, IMHO, that these pieces of information are peer reviewed.

Am 14.01.21 um 16:34 schrieb Roland Grunberg:
On Thu, 2021-01-14 at 16:06 +0100, Gunnar Wagenknecht wrote:

I think the AC is the better body to discuss this. I've added it to
the agenda for our call today.

FWIW, I believe as long as there are projects consuming Orbit it will
exists. However, one of the goals for EBR was always to be able to
consume Maven artifacts within the same reactor build. Thus, these
are great new features in Tycho.

It lacks a few features with regards to generating high quality
manifests. Maybe EBR recipes can be fetched dynamically as templates
and taken into account when generating the bundles?

 From a legal perspective ... the about/ip information needs to be
added. But I'm not sure this is still a strong requirements. We don't
do this for dependencies in other ecosystems (eg., JavaScript NPM).
Thus, we might be able to lift that.

With regards to signing this is a grey area. My current thinking is
that once artifacts are no longer consumed from they must
not be signed with an certificate. But I don't see any
issue with distributing unsigned 3rd party content in the same way
Maven Central distributes jars (hash validation and TLS transfer).
(didn't see this until I posted my thoughts, but glad we see the same
potential issues)

I think if the about.html/about_files inclusion and signing criteria
can be relaxed under these conditions, it would make adoption much

OpenChrom - the open source alternative for chromatography / mass spectrometry
Dr. Philip Wenig » Founder » philip.wenig@xxxxxxxxxxxxx »

Back to the top