Hi all,

On Mon, Apr 9, 2018 at 9:25 PM, glob <g...@mozilla.com> wrote:

> mozilla-central contains code vendored from external sources. Currently
> there is no standard way to document and update this code. In order to
> facilitate automation around auditing, vendoring, and linting we intend to
> require all vendored code to be annotated with an in-tree YAML file, and
> for the vendoring process to be standardised and automated.
> The plan is to create a YAML file for each library containing metadata
> such as the homepage url, vendored version, bugzilla component, etc. See
> https://goo.gl/QZyz4x for the full specification.

Generally, I think this is a great plan, and I'm pleased to see it moving

A few notes:

1) for the Node.js work I'm actively pursuing, I expect a |mach vendor
rust|-like solution rather than a mozvendor.yaml-like solution (at least at
first).  This is because we need to integrate with Node-y workflows, where
things are captured in package.json files -- a situation parallel to Rust,
where things are captured in Cargo.toml files.

2) Firefox for Android vendored many dependencies into
mobile/android/third_party, modified them, and has more-or-less not updated
them since.  That's seen as a problem, and some folks are pushing to
upgrade those dependencies (see
https://bugzilla.mozilla.org/show_bug.cgi?id=1438716).  However, those
upgrades will be captured as regular Android Maven dependencies and not as
mozvendor.yaml dependencies.

I don't think either of those things are controversial, just adding to the
list of "things a little outside the system" on day one.

dev-platform mailing list

Reply via email to