Zope2 packaging
Jonas Meurer
jonas at freesources.org
Tue Jun 21 11:51:05 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hey Zope Packagers,
Now that both ftpmasters and the release team got enough time to comment
on our zope2.12 packages, I guess it is time to finally upload the
packages and see whether they pass NEW.
I just uploaded new zope-debhelper and zope-common packages with support
for zope2.13, zope2.14 and python2.7, in order to ease the transitions
later.
The zope2.12 packages work for me, and at least Gael reported the same
to me.
Are you ok with me uploading zope2.12 packages within the next two weeks?
Greetings,
jonas
Am 02.06.2011 13:24, schrieb Jonas Meurer:
> Hello,
>
> First, thanks Michael and Arnaud for the work on zope2.12 Debian
> packages.
>
> On 02/05/2011 Arnaud Fontaine wrote:
>> Once upon a time, zope2.X could be easily installed on Debian (until
>> 2.10), and thanks to dzhandle, it was pretty easy and straightforward to
>> use. Unfortunately it is not anymore since the upstream decided to move
>> to a modularized approach (with ZTK) ratherthan having a monolithic
>> tarball, which is a good thing, in most cases at least.
>>
>> Unfortunately, it has became a nightmare from a packager point of view,
>> because each released version of Zope depends upon specific versions
>> of these modules, which sometimes (often?) include backward-incompatible
>> changes, thus leading to conflicting dependencies between each released
>> version.
>>
>> Moreover, as of Zope 2.12, there are about 89 eggs pulled down as
>> dependencies when using the regular build process and the number is
>> growing because more and more duplicated code with ZTK is being moved
>> out of Zope2.
>>
>> In addition, several Zope applications, like Plone, require a specific
>> Zope version. Therefore, we also would like to be able to offer, at the
>> same time, several major versions of Zope (2.12 and 2.13 for example),
>> like we once did for Zope 2.9 and 2.10, and like we do for versions of
>> Python.
>>
>>
>> We thought about two solutions to address these issues:
>>
>> 1/ Versionning each component of the ztk so we can install at the same
>> time zope-foo 1.2.1 and zope-foo 1.3.0.
>>
>> 2/ Packaging inside a zope2.12 package all the requirements of zope2.12
>> which are not the current mainstream ztk.
>>
>> Even if we don't really like it, the second solution seems the only
>> viable solution because of the number of modules and the breakage in
>> backward-compatibility. Not doing so would require versionned packages
>> for the 89 eggs required by Zope 2.12, and the same for those required
>> by Zope 2.13.
>>
>>
>> The purpose of this email is actually to let the debian-release and
>> debian-security teams know before finalizing the package, thus we can
>> make sure that the package gets accepted and gets advices as well. We
>> realize that's a big burden for those teams because of the duplicated
>> modules, but we are willing to take care of that as much as possible.
>
> Seems like neither Security-Team nor Release-Team responded to this
> mail. I added ftpmasters to Cc in order to give them a chance to
> comment.
>
> If I got it right, all packaging-related issues have settled down, and
> from a Debian pkg-zope team point of view, the zope2.12 packages are
> ready to be uploaded.
>
> Please be aware, that we as the Debian pkg-zope team are aware of the
> drawbacks of a monolithic zope2.12 package (with all zope eggs
> included), but we discussed this issue to death, and don't see another
> solution. You can take a look at the meeting summary[1] for further
> details.
>
> We (the Debian pkg-zope Team) feel responsible to help with any
> security- or license-issues that might arise with zope2 packages in the
> future. We also keep a close watch on the development of zope2, and
> switch the packages to depend on packaged zope eggs as soon as this
> might be an option (i.e. the zope eggs upstream maintainers guarantee
> backwards compability).
>
> So, the last showstopper before zope2.12 packages can be uplaoded, are
> comments by Security-Team, Release-Team and FTPMasters whether the
> solution we've choosen is ok for them for the time being. Please send us
> your comments in case you've any.
>
> On behalf of the Debian Zope2 packagers,
> Jonas Meurer
>
>
>
> _______________________________________________
> pkg-zope-developers mailing list
> pkg-zope-developers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-zope-developers
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJOAIWpAAoJEFJi5/9JEEn+v0gP/1UxEyEvEtxP7tbHvh0wopxl
8Bth8YsI7SVY+SmyCPyHOrXL91CTDcYtQPd9VorgJq905MBnmZ3nparYaEQwEl5L
KS53yMBXY+V+LDTqaTWnUhHo5KeFCsvo3/Qm6xoTmRn45JNcRo602gs9ZeLa+nNX
1zvAf5LGrcEO5o1cpRb//3rU4zQj8xqrI4WkHZIwtCokOjrjiH6SC2v+fFntFlm2
Lmd/uTNINCccWf4iAUlfnN8h4kLZaFAUnlMl7gBDOqiSUT/tO+Hifbmm2leuGBiu
64swJh37k3ZNpVYbiXiwgvwfJbvauU/Zlo/P0BuAjHN65ahu9M7raNv0UmdWUCEI
Ca3Slay+KXTQuBA8twejNu4zMs5ajvD1kexjag2s0lF8Ucx6eGYvCF7eqY4ezZYb
lNT6zg22ryDBnqifwIyoSc7Jw0WTgHfJLUi+JQP3Zn7WDDQq2inblKS5+R1OTh0U
Is+z7CCLYIoQtsv7ulBtY43bJRkst4rpvsSxRG7Ia0W2huQ8retBrEU3uRJS+imo
fwaQIbRkCrOVZ3akDVjnIoGYaUdvkt7Qjr582ppkrGb5UPJ4AIA4RqIYxiBnp0GT
IO2kPnRH+W68JdOp+XBtjj4uAsP4E3Sur2CClR7gdVnyBAxlEgocvQdbZ1CRpoxm
ZEWsNQW53o8sJvB8WCpO
=h4hm
-----END PGP SIGNATURE-----
More information about the pkg-zope-developers
mailing list