From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ricardo Wurmus <ricardo.wurmus@mdc-berlin.de>
Subject: Re: [PATCH] Add yaggo.
Date: Wed, 24 Jun 2015 15:05:26 +0200
Message-ID: <idjfv5hntnt.fsf@bimsb-sys02.mdc-berlin.net>
References: <558A3377.6060301@uq.edu.au> <20150624055137.GA29505@thebird.nl>
	<CAJ=RwfbF7Yg0+cVOTzTYhbqEPFdnQujh0VsXKY8Q0egSKDUt5A@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56560)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Ricardo.Wurmus@mdc-berlin.de>) id 1Z7kN3-00029q-0C
	for guix-devel@gnu.org; Wed, 24 Jun 2015 09:05:44 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Ricardo.Wurmus@mdc-berlin.de>) id 1Z7kMz-0000tH-H9
	for guix-devel@gnu.org; Wed, 24 Jun 2015 09:05:40 -0400
Received: from sinope.bbbm.mdc-berlin.de ([141.80.25.23]:60210)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Ricardo.Wurmus@mdc-berlin.de>) id 1Z7kMz-0000sd-86
	for guix-devel@gnu.org; Wed, 24 Jun 2015 09:05:37 -0400
In-Reply-To: <CAJ=RwfbF7Yg0+cVOTzTYhbqEPFdnQujh0VsXKY8Q0egSKDUt5A@mail.gmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: "Thompson, David" <dthompson2@worcester.edu>
Cc: "guix-devel@gnu.org" <guix-devel@gnu.org>


> I must reiterate my concern about this approach to the wider
> guix-devel audience.  From what I can see, the gem archives hosted on
> rubygems.org are build artifacts and should probably be treated like
> pre-built binaries.  They are not the complete, corresponding source
> code.  Can anyone else weigh in here?

The gemspec file must list all files (either explicitly or via patterns)
that are to be distributed and thus needed at runtime.

As far as I can tell "gem push name.gem" can be used to upload anything
to rubygems.org that is considered a valid gem.  rubygems.org will only
extract the gemspec metadata and process them for later display[1].  The
parsed and possibly validated gemspecs are included in the gem when
doing "gem build name.gemspec".  For more info on what "gem build" does
see [2].

This means that using standard tools (unmodified "gem") the generated
gem is packaged according to the information in the gemspec file.  A gem
seems to be little more than a tar archive.  I would not consider this a
"build artifact", but release tarballs.  We don't have a problem with
using release tarballs over git clones for non-Ruby applications, even
though the tarballs may contain somewhat different sources (e.g. added
ChangeLog).

Of course, a gem created with a modified tool could contain more or less
than what the gemspec file declares.  But I would treat this in much the
same manner as I would treat broken release tarballs.

~~ Ricardo

[1]: https://github.com/rubygems/rubygems.org/blob/master/app/models/pusher.rb#L47
[2]: https://github.com/rubygems/rubygems/blob/master/lib/rubygems/package.rb