| 30 Oct 2024 |
 Tomodachi94 (they/them) | Any volunteers? 😂
| 17:50:40 |
 emily | you'll need to get #org_owners:nixos.org to assign it to the Nixpkgs repository with triage permissions. you may also want to set it up in ci/OWNERS | 17:52:59 |
| emily | btw, perhaps just "Java" would be a better name? | 17:53:20 |
| emily | given "(JDK, JVM, Java, Gradle, Maven, Ant, and adjacent projects)" | 17:53:28 |
| emily | although, I guess there could be potential trademark weirdness… | 17:53:55 |
| Tomodachi94 (they/them) | Definitely. I picked JDK because it gives us the @NixOS/jdk handle, which matches this channel, but Java is definitely clearer
| 17:54:14 |
| Tomodachi94 (they/them) | Ant is unmaintained 🫠
| 17:55:02 |
| Tomodachi94 (they/them) | Looks like it should be okay according to their trademark guidelines (https://www.oracle.com/legal/trademarks/):
| 17:56:41 |
| Tomodachi94 (they/them) |
Oracle generally permits use of its marks in groups name that include phrases such as “user group,” “special interest group,” “lobby,” etc., that clarify the relationship between Oracle and the group and do not create confusion about the source of products.
| 17:56:52 |
| Tomodachi94 (they/them) | (IANAL though)
| 17:57:22 |
| emily | ok Debian have a Java team so I'll say it's okay :) | 18:00:11 |
| emily | I hate that Java's idea of a package manager is downloading prebuilt binary blobs | 18:15:20 |
| emily | can we just rewrite every single Gradle build in the tree please? | 18:15:34 |
| emily | it turns out that our current deps.json literally cannot be reproduced | 18:18:06 |
| emily | because JCenter died and they just, killed all the jars I guess | 18:18:14 |
| emily | so even though I fixed it for modern Gradle there is just no way to get the jd-core JAR it wants except using the one we build ourselves and I am not sure I can be bothered to figure out how to tell Gradle to use something local | 18:18:47 |
| emily | bah. never mind I looked it up in a moment of weakness and it's easy. | 18:19:47 |
| emily | oh but we don't even build jd-core for jd-cli! | 18:21:15 |
| emily | and jd-cli's FOD is also not reproducible because it also fetches it from JCenter! | 18:22:27 |
| emily | so we actually should drop that one too | 18:22:40 |
| emily | I kind of suspect we'd find that half the Java applications we build can't even be reproduced now | 18:23:00 |
| emily | fwiw jd-core is not mirrored to any other repositories according to mvnrepository.com | 18:26:19 |
| emily | it's not clear if there are any complete mirrors of JCenter, so that's kind of worrying in terms of reproducibility of our Java packages | 18:26:34 |
| Tomodachi94 (they/them) | Tracking issue time! 🙃 | 18:27:06 |
| emily | not on Wayback either: https://web.archive.org/web/20240000000000*/https://jcenter.bintray.com/org/jd/jd-core/1.1.3/jd-core-1.1.3.pom | 18:27:23 |
| emily | I'm surprised nobody tried to archive it | 18:27:28 |
| emily | we really need to find a way to build Java dependenciees from source | 18:27:46 |
| emily | * we really need to find a way to build Java dependencies from source | 18:27:48 |
| emily | source is very likely to get archived or have another source, random mystery meat .jars are bad for supply-chain security and bad for longevity | 18:28:05 |
| emily | anyway yeah just yeet both the GUI and the CLI. tragic but nothing we can easily do | 18:28:54 |
