On Sat, Aug 1, 2015 at 5:48 PM, Matthew Miller <mattdm(a)fedoraproject.org> wrote:
On Sat, Aug 01, 2015 at 09:32:22AM +0200, Javi Roman wrote:
> The problem here is the big data tools, for example Apache Flume, or
> Apache Spark are evolving quickly with new important features, however
> some of the libraries used by those tools (for example Java artifacts in Flume)
> have frozen versions, because it's works for the developer. In Fedora
> some of those
> libraries are increasing their versions (the most updated versions
> from the upstream project), and the big data tool affected breaks in
> compilation time.
This isn't a problem just with big data tools. Many developers want to
do this. The problem is that having all of those multiple versions
becomes a maintenance nightmare. When there's a security problem, how
do you identify which packages have a library with the problem? Which
versions are affected? Does the same patch apply to them all? Who fixes
it if it doesn't?
You are right Matthew.
Probably the way we are working right now it's the correct way:
1. Use the great utility xmvn.
2. Patch the Java/Scala/Clojure ... ecosystem tool in order to use the
most updated upstream libraries.
3. Try to commit this changes to the upstream tool.
So we only need more developers interested in the big data Fedora
ecosystem for this huge task, or some full time position like in the
Fedora Cloud SIG [1], however this last is another matter even more
complex to deal.
[1]
http://paul.frields.org/2015/07/21/fedora-engineering-team-opening/