RE: Tomcat 4.0 RPMs?

2001-10-01 Thread GOMEZ Henri 

 Jaxp and crimson are built from xml-commons and xml-crimson 
( both are
 Apache packages ). We do check in binaries - which is consistent with
 apache licence, but anyone can built them from sources as well.

In the RPM case, we use dependencies to have them included from allready
installed RPM. But it's not the case in the CURRENT version of RPM where
we install crimson which is allready present in sources. 

Should I change to make xerces/crimson (jaxp requirement) required 
for both build and runtime (easy to do) ? I'm sure that some of my
friend in RPM packaging (hello Guillaume) will prefer this method.

 The only problem is JSSE - it's clear the official RPM
 can't include JSSE, nor the classes that depend on it ( since that
 would mean the source RPM couldn't be distributed ). We can
 distribute a separate RPM with JSSE-dependent classes. That's not
 a major problem for linux - since Henri is already building mod_jk,

Yep, JSSE is of course the most restrictive license of them 
all, because of the goofy crypto laws. :(

Why couldn't we use the today JSSE as we use OpenSSL. I was told that
some legals aspect on RSA has been relaxed this year. 

 so SSL will be supported via Apache, which is the best (and fastest)
 solution anyway.

Arrggg! Why does Standalone + SSL get no respect? It performs 
quite well, in my 
(extensive) experience. Also, I've never hit a single real 
bug in it, in 
either tree. Whether Apache is slightly better at SSL than 
Tomcat standalone 
isn't even a relevant comparison. If you're running TC behind 
another web 
server, then that web server needs to handle it. If you're 
running standalone, 
then Tomcat needs to handle it. Installing Apache to run in 
front of TC *just* 
to handle SSL is compeltely unnecessary.

You know that my friend, crypto is a hog cpu task and having it
handled by Java code will be more expensive that the native
(even asm) code in OpenSSL for example. But you're rigth when 
you tell we could use SSL in 100% java mode...

Anyway, I'm trying very hard to build confidence in standalone 
SSL, write 
extensive docs for it, enhance it, patch it, and work out what 
I see as its 
weak points. Please don't impune it :)

Never ;)

 Regarding the jars included in 4.0 - I do have few issues.
 
 First, how in the world did we got to depend on mail.jar and
 activation.jar and the other ?

Dunno, I'll let someone else answer that one.

 I believe including such features could be decided by vote,

I don't have a problem with that. Technically, of course, it 
would only be a 
vote for what kind of RPM can be officially hosted on the 
download site. Anyone 
can package an RPM however they like, they just have to distribute it 
themselves.

Yes even Sun could do such packaging :) 
More seriously the problem here is all the requirement and I'll
be to have a Tomcat 4.0 ligth, with less external dependencies.
Or may be we must mark that TC 4.0 is for J2EE 1.3 only !

 and only
 after the PMC and ASF clearly posts the policy that allow 
such things.

 If ASF has any rule that allow us to take any package we want that is
 redistributable and use it - that's great news.
 
 If ASF has a list of 'aproved' licences that we can include - that's
 even
 better ( and I hope LGPL makes it to the list - at least it 
has source
 code available :-).
 
 It would be nice to have this posted somewhere - so we all know the
 rules.

Agreed. But in the absence of an official policy, I'll go by 
what that one PMC 
dude said in response to Jon's concerns: By and large, and 
code checked into 
the tree by Sun employees falls under the Sun-Apache 
agreement. I don't think 
it's unreasonable to accept that at face value until there 
*is* an official 
policy posted.

Without a specific policy disallowing it, I operate under the 
assumption that 
it is left up to the discretion of the particular community, 
and good old-
fashioned common sense.

 I'm -1 on including any non-apache binary unless the ASF/PMC
 explicitely allows it. That's my vote in case this is put to a vote
 on tomcat-dev

I'm -1 making anything bad for ASF in general and will wait 
for Craig validation for my packaging proposal :

- Get jar in tomcat binary
- Get source in tomcat source 

= provide tomcat RPM 

Because if Craig's interpretation of the licenses is correct, 
then I don't see 
a licensing problem at all. It just becomes a matter of 
packaging philosophies.

Incidentally, there are only about 500 people in here from 
Sun. Can't somone 
just run it down to Legal ;-)

Yes some lobbying should be nice and many people in PMC 
ask Sun to OpenSource Java. May be Sun could start by
OpenSource more external libs, as they do for servlet/JSP
API

Re: Tomcat 4.0 RPMs?

2001-09-27 Thread Christopher Cain 

Hi Vic. We're currently trying to sort out the best way of packaging a 4.0 RPM. 
TC4 has quite a few external jar dependencies ... some optional, some 
mandatory. We're kind of between a rock and a hard place with both a few of the 
RPM packaging policies as well as some jar redistribution issues.

The prevailing theory seems to be that the RPM should include just the absolute 
minimum number of jars required to successfully run a minimal build of Tomcat. 
The rest will still have to be downloaded separately (although we might make 
a tomcat-supplimental.tar.gz available containing all of the optional jars 
that we can safely redistribute). The problem is that RPM packaging policies 
frown upon including external binaries (in our case non-TC jars) in the RPM, 
and beyond that, doing so is not really good form anyway.

In other words, the RPM install isn't going to be as painless as we would like. 
If you are comfortable with building from source, and if you need anything 
other than a minimal build, the source might be your best bet. (You could also 
just download the binaries, of course.) I'm not even sure that an exact 
approach for TC4 RPMs has been decided upon, and I'm also not sure what Henri's
(our RPM packager) timeframe is, so AFAIK the date on having an RPM is still up 
in the air.

Quoting Vic Ricker [EMAIL PROTECTED]:

 Hi.
 
 Will RPMs for Tomcat 4.0 be released on the web site any time soon?
 
 I have no problem installing from the tar but I'd prefer the RPM since
 that's
 how I installed the previous version.
 
 Thanks,
 -Vic

- Christopher

/**
 * Pleurez, pleurez, mes yeux, et fondez vous en eau!
 * La moitiƩ de ma vie a mis l'autre au tombeau.
 *---Corneille
 */

RE: Tomcat 4.0 RPMs?

2001-09-27 Thread GOMEZ Henri 

Hi Vic. We're currently trying to sort out the best way of 
packaging a 4.0 RPM. 

TC4 has quite a few external jar dependencies ... some optional, some 
mandatory. We're kind of between a rock and a hard place with 
both a few of the 
RPM packaging policies as well as some jar redistribution issues.

I'm still waiting for Craig answer on externals jars avaibility
outside Sun site (jta, jmx, ldap, ).

I've asked to have them all of them in a tomcat-supplemental
tarball available on jakarta.apache.org to have them included
in TC 4.0 RPM, of course if license permit that also.
Something to be validated by Sun Lawyers.

The interest of the RPM is that it provides a ready-to-run 
solution but it won't be the case if the users need to grab 
and then install (where) the external jars by hand.

Some could think we could get the TC 4.0 binary and package it
in RPM but it's also not a solution since RPM policies ask to
have a binary generated from one or many sources and in that 
case it won't be the case.

Only some vendors provide RPM like this, JDK/SDK from Sun/IBM
for example but these tools are not OpenSource...

Until I got a positive answer from Craig, I'll have to delay
TC 4.0 RPM (allready done in-house) and I'm more than sorry 
about that.