all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* src.zip, demos and samples in java idk
@ 2016-09-03  6:52 Hartmut Goebel
  2016-09-03 12:25 ` Vincent Legoll
  2016-09-03 14:04 ` Ludovic Courtès
  0 siblings, 2 replies; 4+ messages in thread
From: Hartmut Goebel @ 2016-09-03  6:52 UTC (permalink / raw)
  To: guix-devel


[-- Attachment #1.1: Type: text/plain, Size: 1170 bytes --]

Hi,

I discovered that the "jdk" of icedtea includes "demos", "samples" and
even a "src.zip" file. These are as big as 50 MB, where the src.zip
contributes by 43 MB. Thee 50MB are ca. 12% of the whole jdk.

IMHO, all of these should not be there since they are rarely needed.
Also it is common security best-practice to *not* include any demo code
on production systems - which should at least followed by such large
packages. The reasoning is that demos and examples are often prone to
errors and offering attack points.

Shall I move these to "doc" or to a new output (e.g. "examples").

We should use the same scheme later for all packages where the examples
will get a package by their own.

-- 
Schönen Gruß
(Please mind Hartmut Goebel
Dipl.-Informatiker (univ), CISSP, CSSLP, ISO 27001 Lead Implementer
Information Security Management, Security Governance, Secure Software
Development

Goebel Consult, Landshut
http://www.goebel-consult.de

Blog:
http://www.goebel-consult.de/blog/bewertung-pgp-verschlusselung-bei-web.de-und-gmx

Kolumne:
http://www.cissp-gefluester.de/2011-09-kommerz-uber-recht-fdp-die-gefaellt-mir-partei



[-- Attachment #1.2: Type: text/html, Size: 2279 bytes --]

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 2430 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: src.zip, demos and samples in java idk
  2016-09-03  6:52 src.zip, demos and samples in java idk Hartmut Goebel
@ 2016-09-03 12:25 ` Vincent Legoll
  2016-09-03 14:04 ` Ludovic Courtès
  1 sibling, 0 replies; 4+ messages in thread
From: Vincent Legoll @ 2016-09-03 12:25 UTC (permalink / raw)
  To: Hartmut Goebel; +Cc: guix-devel

Hello,

> Shall I move these to "doc" or to a new output (e.g. "examples").

Yes, I think it is common practice in other distros to separate doc,
samples & src
from the jdk itself.

> We should use the same scheme later for all packages where the examples will
> get a package by their own.

Maybe only for packages where this is significant size-wise...

-- 
Vincent Legoll

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: src.zip, demos and samples in java idk
  2016-09-03  6:52 src.zip, demos and samples in java idk Hartmut Goebel
  2016-09-03 12:25 ` Vincent Legoll
@ 2016-09-03 14:04 ` Ludovic Courtès
  2016-09-16 14:47   ` Hartmut Goebel
  1 sibling, 1 reply; 4+ messages in thread
From: Ludovic Courtès @ 2016-09-03 14:04 UTC (permalink / raw)
  To: Hartmut Goebel; +Cc: guix-devel

Hi,

Hartmut Goebel <h.goebel@goebel-consult.de> skribis:

> I discovered that the "jdk" of icedtea includes "demos", "samples" and
> even a "src.zip" file. These are as big as 50 MB, where the src.zip
> contributes by 43 MB. Thee 50MB are ca. 12% of the whole jdk.
>
> IMHO, all of these should not be there since they are rarely needed.
> Also it is common security best-practice to *not* include any demo code
> on production systems - which should at least followed by such large
> packages. The reasoning is that demos and examples are often prone to
> errors and offering attack points.
>
> Shall I move these to "doc" or to a new output (e.g. "examples").

It would make sense to move them to “doc”, indeed; we’ve done it in
other packages.

Ludo’.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: src.zip, demos and samples in java idk
  2016-09-03 14:04 ` Ludovic Courtès
@ 2016-09-16 14:47   ` Hartmut Goebel
  0 siblings, 0 replies; 4+ messages in thread
From: Hartmut Goebel @ 2016-09-16 14:47 UTC (permalink / raw)
  To: guix-devel

Am 03.09.2016 um 16:04 schrieb Ludovic Courtès:
>> > Shall I move these to "doc" or to a new output (e.g. "examples").
> It would make sense to move them to “doc”, indeed; we’ve done it in
> other packages.

I tried, but did not manage. Building eat 3,8 GB of temp-space, then
failed due to the ram-disk being out of space.

For somebody else wanting to work on this: I assume adding these lines
to patch-paths phase should move the demo and sample into the docs.

+               ;; install demo and sample code into docs
+               (substitute* "openjdk.src/jdk/make/common/Defs.gmk"
+                 (("^DEMODIR[ \t]+=.*/demo$")
+                  "DEMODIR = $(OUTPUTDIR)/docs$(DOCSDIRSUFFIX)/demo\n")
+                 (("^SAMPLEDIR[ \t]+=.*/sample$")
+                  "DEMODIR = $(OUTPUTDIR)/docs$(DOCSDIRSUFFIX)/sample\n"))


I'm not going to work on this any longer. I've spend two hours
scrabbling about the targets within this source and each try did take
another half an hour - and then failed due to out of disk-space. This
confirms my opinion about the poor quality of Java software.

-- 
Regards
Hartmut Goebel

| Hartmut Goebel          | h.goebel@crazy-compilers.com               |
| www.crazy-compilers.com | compilers which you thought are impossible |

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2016-09-16 14:47 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-09-03  6:52 src.zip, demos and samples in java idk Hartmut Goebel
2016-09-03 12:25 ` Vincent Legoll
2016-09-03 14:04 ` Ludovic Courtès
2016-09-16 14:47   ` Hartmut Goebel

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.