On Tue, Dec 6, 2011 at 9:35 AM, Thomas Bruederli <roundcube@gmail.com> wrote:
On Mon, Dec 5, 2011 at 19:01, till <till@php.net> wrote:
> On Mon, Dec 5, 2011 at 5:58 PM, Thomas Bruederli <roundcube@gmail.com>
> wrote:
>>
>> On 03.12.2011, at 20:51, till wrote:
>>
>> >
>> > On Fri, Dec 2, 2011 at 6:32 PM, A.L.E.C <alec@alec.pl> wrote:
>> > W dniu 02.12.2011 18:05, till wrote:
>> >
>> > > Never saw srcuri with PEAR packages:
>> > > http://pear.php.net/manual/en/guide.developers.package2.pecl.php
>> > >
>> > > It looks like it's pecl related. What are you trying to achieve with
>> > > it?
>> >
>> > As stated in my first post in this thread, for AGPL plugins we need to
>> > provide a link to source code.
>> >
>> > Reminds me to vote against the AGPL move.
>>
>> The AGPL suggestion for Roundcube core has actually nothing to do with the
>> requirement of making the source code of plugins available which are
>> published under AGPL-
>> >
>> > So, we need some URL field in package.xml.
>> >
>> > Maybe I don't get it – but a pear package does not compile code. It's
>> > zipped up code in tar archive, compressed with gzip. The source is
>> > available. Can you explain why this link is necessary or who claims that
>> > it's necessary?
>>
>> If you install a plugin which in licensed under AGPL you have to provide
>> the source to the users of that system. That's required by the AGPL itself.
>>
>> We (Roundcube) want to take the burden of collecting the links to all the
>> AGPL sources away from the sysadmins which install Roundcube with AGPL
>> plugins but collect them all in a single place. That's why we want the URL
>> to the source of an AGPL plugin to be stated in the package itself. Of
>> course we could also add some script which collects all the files directly
>> from the Roundcube installation directory but this brings in some security
>> topics which I'd like to avoid.
>
>
> Ok, so just to be clear – you want something like a link to e.g. our
> RoundCube svn repo, or a github repo, or sf, etc. where the source of the
> package is located?

Exactly.
>
> If so, I think there are two option:
>
> 1) Create a README and/or LICENSE file which contains the information and
> install them with the 'doc' role.
> 2) Add the link to the package's <description>

That's the obvious approach but it isn't necessarily machine readable.
Roundcube (trunk) lists all activated plugins in an "about" page and
we want to show a download link to every AGPL plugin listed there. So
what we're looking for is a tag in the xml schema where one can store
that url and the <srcuri> seems to be exactly what we need. But what's
that <srcuri> actually meant for and why is the package validator
complaining if one uses it?

And after all, I actually give a shit about the pear package validator
because we're not using pear to maintain and distribute our plugins
anyway.

We could decide on a file called SOURCE which contains the link to make it more machine-readable.

I think <srcuri> is for pecl packages. pecl packages are c-extensions.

http://pear.php.net/manual/en/guide.developers.package2.pecl.php

Both pecl and pear packages use a package.xml (2.0 currently) to be installed. But they don't always share the same "elements".

Till 

~Thomas