[CentOS-devel] SCL

Sun Jul 20 18:55:48 UTC 2014
Johnny Hughes <johnny at centos.org>

On 07/20/2014 01:30 PM, Peter Meier wrote:
> > I was wondering if SoftwareCollections was already available in
> > CentOS7?
>
> Also interesting to know what the plans for SCL 1.1 for C6 are? I
> assumed that development there are/were hold back because of C7, but
> given that they bring some significant improvements, it would be nice
> if they are going to be released soon.

I am trying to build them, however I am running into issues as not
everything needed to build them is part of SCL for RHEL .. for example:

https://bugzilla.redhat.com/show_bug.cgi?id=1105230#c3

So, the issue is that there are build requires missing from several of
the packages, so decisions need to be made how and where to create these
new build requires and how they need to be maintained, etc.

I can find, via softwarecollections.org, packages to build the packages
in RHEL 1.1 SCLs now ... however, I am not at all sure that those
additional 'Build Require' packages will be maintained for security
updates in the future, etc.  Since there is clearly no ability to use
'officially' maintained code to be able to produce these packages, I am
reluctant to officially produce them for CentOS at this time. (see the
above linked comment, I don't think the 'Build Require' packages which
are not actually part of the RHEL SCLs are going to be released)

Scientific Linux has produced these SCLs here:

http://ftp.scientificlinux.org/linux/scientific/6x/external_products/softwarecollections/

Since I am personally uncomfortable putting the CentOS name on SCLs that
I can not verify are the same as upstream because the repo is not self
hosting (ie, they are not saying what they are building against and not
providing or publicly auditing these 'Build Require' packages for
security, etc), I am not planning on officially releasing these
anymore.  We can, as a SIG, decide to produce and maintain secure all
the 'Build Require' packages but that is going to require people willing
to figure out AND maintain those packages that are needed. In the
meantime, I recommend you use the packages produced by Scientific Linux
if you want to use SCLs that are known as RHEL 1.1 for EL6.

Note: there are several Maven, Java, and other packages required to
build out the entirety of that tree and not having any idea of the exact
packages required means to me that we can not produce a 'rebuild of
upstream sources' in the way that CentOS provides official packages and
why I think these should instead be part of a SIG

Thanks,
Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20140720/d8f2f142/attachment-0007.sig>