Are github gems less stable than rubyforge gems? - ruby

In this question, I mentioned my assumption that rubyforge gems are more official, authoritative, and stable than github forks. One of the people replying to my question said that my assumption might not be accurate.
What have you observed? Do people use github to release early and release often, only putting stable releases on rubyforge, or do people release less often on rubyforge for other reasons (eg rubyforge being more of a hassle)?
Update: This question is a little moot now. Github gems are defunct, and rubyforge gems are going to be moved to rubygems.org.

No difference as far as I can tell.
There is a huge range in quality/stability of gems from both sources. Some are rock solid, others are pre-alpha quality.
It really depends on the gem project itself.
Having said that though, the github model does lend itself to more rapid turn around on issues. It's much easier to fork a project, fix a bug, and submit it back to be included in the original source. So at least on the popular projects, bugs get fixed quicker. So maybe that helps projects mature quicker, but I don't know.

What I noticed is a decreasing quality of GEM released via GitHub compared with the overall quality of GEMS at RubyForge.
IMHO there are at least two major explanation for this behavior:
--
Prior to GitHub the 99% of Rubyist was Subversion-dependent. You can say what you want about Subversion, but it is definitely more easy to use compared with Git and everybody is aware of the trunk/tags/branches layout. Then people started to move to Git. Just a super-limited slice of Subversion users started to use Git with the level of knowledge it should require and, what I noticed, is that people started to forgot about tags.
Once upon a time there were tags. In subversion people were used to release new version based on specific tags so that you can easily detect which version you installed and which was the stable branch.
Nowadays I see tons of libraries always under development in the Git master branch. No tags, no stable branches. In general, when libraries where released via RubyForge there was an higher level of attention to the deployment step.
--
GitHub makes the publishing step no more a hassle. That said, you can easily publish a new GEM simply pushing the gemspec into your repository.
In my opinion this simplicity might can lead to a lower quality. More less-skilled developed started to distribute GEMS because it's as easy as generating a new project with Jeweler (or a similar library) and pushing a git repository. They didn't know much more about release management, backward compatibility, release bumps, release maintenance.
Often I came across an unfinished libraries packaged as a GEM just because the developer forgot to remote the .gemspec file. Each commit caused a new GEM to be build with no apparent coherence and consistence.
I'm absolutely in favor of the "release often" practice but when it makes sense. Git provides an excellent branch support, you don't need to clutter the master branch with tons of unrelated commits and releasing unfinished piece of code that you call libraries.
--
Last but not least, what I probably hate the most is the unlimited duplication of the same GEM. When RubyForge was the unchallenged GEM source, it was quite easy to find and install a new project.
IMHO, GitHub introduced an unnecessary layer of complexity. First, you have GEM both available via rubyforge as mygem and via GitHub as username-mygem. You often need to spend time to figure out which GEM is the most updated and holds the master development.
Furthermore, some popular GEM was no longer updated on RubyForge and many people continues to use them just because RubyGems doesn't notify you about new versions. Easy to understand, if you installed coolgem release 1.2.4 and the same library is now available as superuser-coolgem (release 2.0), RubyGems is not clever enough to tell you a new update is available.
--
Now it's time for a disclaimer.
I'm not saying GitHub users produces crappy GEMS compared with RubyForge. I'm a GitHub user and prior I was a RubyForge user as well. Thousands of GEMS successfully migrated from RubyForge to GitHub without leaving the end-user in the "which one" limbo.
The best example Rails, but I can mention many other GEMs including (but not limited to) Capistrano, Hpricot, RedCloth... All those libraries are now hosted on GitHub and if you carefully look at them you can easily recognize the same level of quality as before.
Last but not least, all those libraries continue to be released via RubyForge as the master source so that you don't need to reconfigure your environment to detect whether to install rails-rails or rails.
Also, the end-user is not affected by development decisions. Take Capistrano for instance. A couple of months ago Jamis announced the end of its commitment to the development. The community took charge of the development and moved the master repository from jamis/capistrano to capistrano/capistrano. What would happen if the GEM was released as jamis-capistrano? All the users would have to switch to the new GEM and the new repository with lot of hassle.
This scenario never arised because RubyForge was and continue to be the main Capistrano delivery hub.
--
In conclusion, I unfortunately notices an overall decrease of GEM quality mainly caused by more people approaching Ruby and RubyGems without the necessary level of knowledge. The same apply to a large number of Rails plugins.
GitHub cannot be labelled as the culprit. When complex things become more easy and more people approach them without an underlying knowledge, it's normal that the quality can decrease because complexity is a natural selection process.
Anyway, there's still an excellent level of quality in the Ruby community. It's amazing to see how Ruby developers are committed to unit testing and other professional programming habits.

Probably less stable and slightly more up to date :)
-r

to answer your question finally: both of the resources you mentioned (rubyforge, github) are now obsolete, since gemcutter is the new and only place for rubygems.
Gemcutter Is The New Official Default RubyGem Host:
http://www.rubyinside.com/gemcutter-is-the-new-official-default-rubygem-host-2659.html

Related

Prevent resolving cyclic dependency to local workspace

I have a package, which offers basic utilities. It has a dev-dependency on a tool, which helps build it. That tool in turn needs features from the package.
The problem is, that during development of the package, the dependency of itself gets resolved to the local workspace, not fetching it from a registry - which obviously won't work, for two reasons:
it isn't built
the version isn't bumped yet, but there may already be breaking changes
Personally, i don't know why this behavior is desirable in the first place, but how do i disable it, forcing a resolution to the registry, fetching the current latest published version?
Using yarn 3.2.0 with pnp (could not see any related changes towards 3.2.1, therefore imho irrelevant)
The behavior can be disabled via enableTransparentWorkspaces: false in yarnrc.yml.
After additional research, i found yarn-2-berry-npm-protocol-switches-to-workspace-resolution, which links to a related github Q&A, where the answer is given. Sadly, it never got accepted on github, nor propagated to the related SO question, so i'll keep this one here.

Gem automatic version specification by letting arguments after gem name blank

Why should one care about specifying gem version at all if bundler detects Ruby version and manages to get the latest release to match that version. If I'm not a fond of newer version personally, I would disable incrementing with ~> 1.4.4 and in other cases I'd let bundler manage stuff with putting gem name into Gemfile without any argument
The approach you are suggesting - start with the latest version and pin if problems are experienced - works fine for projects that are 1) actively maintained and 2) tolerant of breakage.
Now imagine you have to deliver this project to a customer who then will run it for a year or longer and you won't be there to support it. In this case simply getting the latest release of all dependencies is not necessarily the best strategy. Maybe you would proactively specify major versions of all of your important dependencies instead. Potentially even lock to minor versions which does give more stability at the cost of missing security updates/bug fixes.

How to manage Java/Maven Dependencies in JRuby

I search for the best way to manage java dependancies in a jruby app/library.
Some time ago i read an article about getting java dependancies based on Maven through rubygems. I tried to follow up on this and found some information that this feature was dropped in JRuby 1.7. Also I found some projects like ruby_maven and jbundler but they look like work in progress.
Im especially interested in the integration with bundler and gemspec.
I am no fan of maven and prefer the ruby / bundler way.
Would be nice if a jruby pro could shed some light on the current state.
Me and my coworker are working on a tool to handle mixed Java/JRuby projects. We're hoping to be finished with it this week, so check it out next week and see if it meets your needs. (We still need to update the documentation a little bit, too.)
https://github.com/sam/doubleshot
You had mentioned that JBundler looks like a work in progress, but it does work. I'd recommend giving it a shot if you can't wait a week to try out our project.

Are you supposed to include Gemfile.lock in a published gem?

If you publish the source for a ruby gem to github.com, is the Gemfile.lock supposed to included?
This guy has strong opinions.
http://yehudakatz.com/2010/12/16/clarifying-the-roles-of-the-gemspec-and-gemfile/
Namely:
You should include your Gemfile.lock in version control if you're developing an application
You should not include your Gemfile.lock in version control if you're developing a gem
I'm not sure if I'm convinced yet. I think that using the Gemfile.lock in my version control is good. But I think that it is too much for that file to be included for others use. The gemfile is enough for an install for others. I think Gemfile.lock is for development, not deployment, contrary to the previously expressed opinion.
No, the Gemfile.lock file is an aid for deployment, not for development.
It is used to recreate an exact replica of your environment on another systems, something that is not (usually) required for development.

What is the difference between the different Ruby 1.9 builds?

There are quite a few versions of Ruby 1.9 floating around. There are a few Ruby 1.9 builds for the different operating systems at the official Ruby language site here:
http://www.ruby-lang.org/en/downloads/
There are also other 1.9 versions at Ruby Forge:
http://rubyforge.org/frs/?group_id=167&release_id=38052
What are the differences between them? And which one should one be learning?
I ask this because I started taking a Ruby course at http://rubylearning.com/ and they recommend downloading ruby 1.9.1p243 (2009-07-16 revision 24175) [i386-mingw32] but do not really state why. Also I see other people using different builds of 1.9 so I am curious about the differences.
Thanks,
caeious
There are three main versions of Ruby 1.9 on ruby-lang.org:
Stable: this is the one that most people should be using, as it's the latest stable release
Stable snapshot: this is the latest version of the development branch in SVN that has been marked as 'stable'. It's an unreleased version that's still being worked on, and should only be interesting to those wanting to test out the upcoming Ruby version.
Daily snapshot: this is a snapshot of the development branch in SVN, taken every day. Should be pretty unstable, and only recommended to those wanting to develop Ruby itself.
For your Ruby course I'd definitely use the latest Stable release, so the recommendation you got seems about right.

Resources