Matthew Toseland <matt...@toselandcs.co.uk> writes: > On 10/01/18 21:15, Florent Daigniere wrote: >> On Wed, 2018-01-10 at 21:10 +0000, Matthew Toseland wrote: >>> 1. Gradle, >>> >>> 2. Deployment/updating of JARs etc. … >>> So what is going on, and why?
>> What's happening is that Arne is refusing to move forward... and keeps >> releasing off the old release tools and Ant. >> >> The rest of the team has been working on next (I've done most of the >> current gradle support, including deterministic builds, ... steve has >> been working on the release tools, ...) > > So you are checking the hashes of the downloaded components? > > I thought Gradle was just an evolution of Maven, with all the problems > that implies: Recursively pulling random JAR files, with very little > authentication, pay-for-only signature checking, and a guarantee that > everyone who uploaded those JARs hasn't paid for that feature. In other > words, malware galore. > > If that's the world that Gradle takes Freenet into, then I can entirely > understand why Arne would have a problem with it. I do not have a problem with gradle, and I find it irritating that this is claimed again and again. Gradle is OK, and it will make it much, much easier for non-anonymous developer to join up. I’ve been trying to ensure a safe transition to gradle for a year now, and I’ve seen rocks thrown into that path repeatedly. The requirement for that is to keep the change as small as possible, but there were two really scarring problems: - the deletion of ant from next meant that I could not start out releasing the code from ant in one build and then release the same code from gradle in the next so the change would have been limited to switching the build system; and would not have contained multiple routing affecting changes. - when I had managed to minimize the difference between next and master, downloads.freenetproject.org went away, which broke our last resort clearnet updater. Given that there are changes in next which affect routing which I could not backport to master because they changed the dependencies, I had to at least get a minimal last resort updater working again so users would at least be able to update if routing broke. Now I’m finally at a point where at least the Linux updater provides minimal failover updates again and is released, so could we stop these discussions which only suck up time and energy needed to get the last step to gradle done? >> Have a look to the diff of the last few released builds; it's >> depressing. What do you think why the diff was so small? Would you expect it to be that small if I wanted to keep releasing from ant? Best wishes, Arne -- Unpolitisch sein heißt politisch sein ohne es zu merken
signature.asc
Description: PGP signature
