RPM and GEMS conflict of interest
Gilles Dubreuil
gil.dubreuil at gmail.com
Fri Jun 25 02:39:57 UTC 2010
On Thu, 2010-06-24 at 14:58 -0400, Mohammed Morsi wrote:
> On 06/23/2010 10:14 PM, Gilles Dubreuil wrote:
> > On Wed, 2010-06-23 at 10:22 +0100, Karanbir Singh wrote:
> >
> >> On 23/06/2010 08:36, Gilles Dubreuil wrote:
> >>
> >>> I'm sorry if this discussion has been brought earlier but it doesn't
> >>> make sense for me.
> >>>
> >> RPMS and Gems target very different audiences. Gem's are a very badly
> >> thought out process to help developers get to specific code easily and
> >> quickly across different platforms. Things get even worse when you
> >> include components like 'bundler', and its back to 1990's with its
> >> static linking again.
> >>
> >> RPMS on the other hand will always give you a better, managed and
> >> reproduceable environment. And this is across many levels, eg: I dont
> >> want to have mysql-devel, gcc and its whole stack installed on a machine
> >> just because i need ruby-mysql and the gem payload is native source.
> >> Then expand that to egg's for python, pecl for php, cpan for perl etc etc.
> >>
> >> - KB
> >>
> > Do you mean RPMs are more system management oriented and GEMS more
> > application or development oriented? Maybe, from a sysadmin or developer
> > viewpoints.
> >
> > What I see, from both practice views is the need to have multiple ruby
> > libraries directly into RPMs.
> >
> > Regards,
> > Gil
> >
> >
> >
> Also I think part of the rpm / yum philosophy is that any given Fedora
> release and/or repository snapshot represents a 'stable' / 'supported'
> software stack, from the hardware drivers / kernel modules, to system /
> developer libraries, right up to the end user applications.
>
> Any rpm based software package that goes into that stack has to be
> community vetted and undergo the strict requirements review process. The
> gem package system doesn't support this, and it is way to easy for a dev
> to push an unstable gem as a new release to rubygems.org. Yes many
> packages get around this by depending on a particular gem version, but a
> whole lot of them don't do this, simple specifying the dependency itself
> (minus the version), or using the ">" or ">=" version specifiers which
> will automatically use the latest version in the rubygems repo (which
> may be unstable).
>
> Its not perfect (suggestions and help improving it is always welcome),
> but at least with the Fedora review process, alot of the potential
> pitfalls are discovered early on, before a software package is pushed
> into a production repository.
>
> I agree, it can be tedious to rebundle all gems into rpms but that why
> gem2rpm is a great project, it takes care of alot of the work for you
>
> http://rubyforge.org/projects/gem2rpm/
>
> Also (shameless self promotion) but I geared my Polisher project towards
> helping w/ this process, as it sits inbetween the gemcutter webhook api
> and gem2rpm, so that whenever a gem package is pushed to the rubygems
> repository, polisher is instantly notified and uses the end-user's
> configuration in conjunction with gem2rpm to automatically create a
> corresponding rpm on release. Admittedly its still not in production,
> has more work left to do on it, but I'm already using it to build alot
> of gems against various Ruby versions we have bundled for Fedora, and
> the source code is out there for anyone to use / modify.
>
> http://github.com/movitto/polisher
> http://github.com/movitto/polisher-scripts
>
>
> -Mo
>
gem2rpm seems very handy never used though!
I guess I was trying to understand things from a high level viewpoint.
Very interesting project the "polisher".
Good continuation and thanks for your answers and time.
Regards,
Gil
More information about the ruby-sig
mailing list