Zope2 packaging

Jonas Meurer jonas at freesources.org
Tue Jun 21 11:51:05 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey Zope Packagers,

Now that both ftpmasters and the release team got enough time to comment
on our zope2.12 packages, I guess it is time to finally upload the
packages and see whether they pass NEW.

I just uploaded new zope-debhelper and zope-common packages with support
for zope2.13, zope2.14 and python2.7, in order to ease the transitions
later.

The zope2.12 packages work for me, and at least Gael reported the same
to me.

Are you ok with me uploading zope2.12 packages within the next two weeks?

Greetings,
 jonas

Am 02.06.2011 13:24, schrieb Jonas Meurer:
> Hello,
> 
> First, thanks Michael and Arnaud for the work on zope2.12 Debian
> packages.
> 
> On 02/05/2011 Arnaud Fontaine wrote:
>> Once upon  a time,  zope2.X could be  easily installed on  Debian (until
>> 2.10), and thanks to dzhandle, it was pretty easy and straightforward to
>> use. Unfortunately it is not  anymore since the upstream decided to move
>> to  a modularized  approach (with  ZTK) ratherthan  having  a monolithic
>> tarball, which is a good thing, in most cases at least.
>>
>> Unfortunately, it has became a  nightmare from a packager point of view,
>> because  each released version  of Zope  depends upon  specific versions
>> of these modules, which sometimes (often?)  include backward-incompatible
>> changes, thus leading to  conflicting dependencies between each released
>> version.
>>
>> Moreover,  as of  Zope 2.12,  there  are about  89 eggs  pulled down  as
>> dependencies  when using  the regular  build process  and the  number is
>> growing because  more and more duplicated  code with ZTK  is being moved
>> out of Zope2.
>>
>> In addition,  several Zope applications, like Plone,  require a specific
>> Zope version. Therefore, we also would  like to be able to offer, at the
>> same time, several  major versions of Zope (2.12  and 2.13 for example),
>> like we once did  for Zope 2.9 and 2.10, and like  we do for versions of
>> Python.
>>
>>
>> We thought about two solutions to address these issues:
>>
>> 1/ Versionning each  component of the ztk so we can  install at the same
>>    time zope-foo 1.2.1 and zope-foo 1.3.0.
>>
>> 2/ Packaging inside a zope2.12  package all the requirements of zope2.12
>>    which are not the current mainstream ztk.
>>
>> Even if  we don't  really like  it, the second  solution seems  the only
>> viable solution  because of  the number of  modules and the  breakage in
>> backward-compatibility. Not  doing so would  require versionned packages
>> for the 89  eggs required by Zope 2.12, and the  same for those required
>> by Zope 2.13.
>>
>>
>> The  purpose of this  email is  actually to  let the  debian-release and
>> debian-security teams  know before finalizing  the package, thus  we can
>> make sure  that the package gets  accepted and gets advices  as well. We
>> realize that's  a big burden for  those teams because  of the duplicated
>> modules, but we are willing to take care of that as much as possible.
> 
> Seems like neither Security-Team nor Release-Team responded to this
> mail. I added ftpmasters to Cc in order to give them a chance to
> comment.
> 
> If I got it right, all packaging-related issues have settled down, and
> from a Debian pkg-zope team point of view, the zope2.12 packages are
> ready to be uploaded.
> 
> Please be aware, that we as the Debian pkg-zope team are aware of the
> drawbacks of a monolithic zope2.12 package (with all zope eggs 
> included), but we discussed this issue to death, and don't see another
> solution. You can take a look at the meeting summary[1] for further
> details.
> 
> We (the Debian pkg-zope Team) feel responsible to help with any
> security- or license-issues that might arise with zope2 packages in the
> future. We also keep a close watch on the development of zope2, and
> switch the packages to depend on packaged zope eggs as soon as this
> might be an option (i.e. the zope eggs upstream maintainers guarantee
> backwards compability).
> 
> So, the last showstopper before zope2.12 packages can be uplaoded, are
> comments by Security-Team, Release-Team and FTPMasters whether the
> solution we've choosen is ok for them for the time being. Please send us
> your comments in case you've any.
> 
> On behalf of the Debian Zope2 packagers,
>  Jonas Meurer
> 
> 
> 
> _______________________________________________
> pkg-zope-developers mailing list
> pkg-zope-developers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-zope-developers

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOAIWpAAoJEFJi5/9JEEn+v0gP/1UxEyEvEtxP7tbHvh0wopxl
8Bth8YsI7SVY+SmyCPyHOrXL91CTDcYtQPd9VorgJq905MBnmZ3nparYaEQwEl5L
KS53yMBXY+V+LDTqaTWnUhHo5KeFCsvo3/Qm6xoTmRn45JNcRo602gs9ZeLa+nNX
1zvAf5LGrcEO5o1cpRb//3rU4zQj8xqrI4WkHZIwtCokOjrjiH6SC2v+fFntFlm2
Lmd/uTNINCccWf4iAUlfnN8h4kLZaFAUnlMl7gBDOqiSUT/tO+Hifbmm2leuGBiu
64swJh37k3ZNpVYbiXiwgvwfJbvauU/Zlo/P0BuAjHN65ahu9M7raNv0UmdWUCEI
Ca3Slay+KXTQuBA8twejNu4zMs5ajvD1kexjag2s0lF8Ucx6eGYvCF7eqY4ezZYb
lNT6zg22ryDBnqifwIyoSc7Jw0WTgHfJLUi+JQP3Zn7WDDQq2inblKS5+R1OTh0U
Is+z7CCLYIoQtsv7ulBtY43bJRkst4rpvsSxRG7Ia0W2huQ8retBrEU3uRJS+imo
fwaQIbRkCrOVZ3akDVjnIoGYaUdvkt7Qjr582ppkrGb5UPJ4AIA4RqIYxiBnp0GT
IO2kPnRH+W68JdOp+XBtjj4uAsP4E3Sur2CClR7gdVnyBAxlEgocvQdbZ1CRpoxm
ZEWsNQW53o8sJvB8WCpO
=h4hm
-----END PGP SIGNATURE-----

More information about the pkg-zope-developers mailing list