Yeah, this is my thinking too.
Regards,
Rob...
> On 27 Jul 2017, at 16:20, Carlos Santana wrote:
>
> Being thinking more about this, and having a core set of packages included
> by default is very useful and I think critical for open source integration
> and continues integration in the open.
> Also keeping large actions away from the system for folks that just want to
> get started and kick the tires using the embedded packages
>
> I think we could have a mid way alternative:
>
> What about if we create new kinds every time we want to pickup an update
> for new language update but at the minor (y) level (version x.y.z).
> Also include a very small set of core packages, for example request for
> nodejs very stable and popular package
>
> We create a new kind to pick up a new minor update and at that time will
> pickup the latest version of the packages.
> For patch updates, at least for security updates this are done at the patch
> level, will update the current kind to update the patch level of the
> language.
>
> So I think this aligns with what Rob mentioned about trying to keep kinds
> versions at the minor level.
>
> Taking nodejs as an example:
> we have nodejs:6 (this is set to 6.9)
> let's create a new kind for node nodejs:6.11
> This will include latest version of 6.11 and latest versions of packages at
> the time of creating of the new kind nodejs:6.11
> If there are nodejs patch updates to pickup for 6.11 we update without
> creating a new kind will be kept at nodejs:6.11 with the packages pinned to
> the versions that they shipped.
> I think nodejs moves a bit faster than the other languages so we could
> pickup a new minor nodejs:6.12 or 6.14 when ever the community thinks
> there is a minor update from nodejs worth the update to create a new kind.
>
> There might be a gap, I think it's OK for those corner cases that an user
> wants to use the latest nodejs version but use old version of the packages,
> or use the latest version of the package but an old version of nodejs. I
> think for this cases user would need to pinned and include the exact
> version of the modules to include and that's OK, I think this will be a
> normal thing for people going into production and pinning and controlling
> dependencies.
>
> I think it's hard to come up with silver bullet for all languages, as every
> language updates at a different speed, and dependencies are more slowest
> pace than others.
>
>
>
>
>
>
>
>> On Wed, Jul 26, 2017 at 8:30 PM Carlos Santana wrote:
>>
>> One thought I have being debating is that the open source project doesn't
>> include any packages going forward.
>> The project will have an image that is small and common denominator that
>> the operators deploying decide which packages to add on top.
>>
>> For example for nodejs 8, we create the kind nodejs:8 (at LTS Oct/2017),
>>
>> Will keep the version of language nodejs 8 up to date to the latest as
>> official releases come out from nodejs
>> Operators like IBM and Adobe, RH, others, can base their custom images for
>> their offerings on the same base image, adding packages that they want base
>> on their offering.
>>
>> Same for swift new kind swift:4, and so on.
>>
>> This will be a general policy, as every language has their peculiarity and
>> probably we need our runtimes SMEs to talk about the risk on updating or
>> not updating per language.
>>
>> dealing with user level packages is always a pickle for example today we
>> have nodejs:6 and we have a set of users that benefit from updating the
>> packages to the latest latest, and could have users that they depend on a
>> current version of the package and updating the package on them could cause
>> problems. If I had my way I would say thought luck for using the embedded
>> package and not packaging or doing a bundle build, but serverless is on
>> baby years of adoption and I don't want to be thought yet :-)
>>
>> So for nodejs8 we say thought luck no embedded packages, but will do
>> something to make it super easy will have the system help you build/compile
>> your action and include your dependencies, these system actions that allow
>> users to provide only their code/git-url, and package.json/package.swift,
>> and these actions will compile/npm install etc.. and install your action
>> including the declared dependencies.
>>
>>
>>
>>
>>
>> On Tue, Jul 18, 2017 at 4:08 AM Michael Marth
>> wrote:
>>
>>> Hi Rob,
>>>
>>> Re “I wonder how many deployments roll their own action containers?”
>>>
>>> I spoke too general (implying what most OW deployments would want). What
>>> I can say is that our team wishes to be in control of the libraries that go
>>> into the action containers, that’s why we need to roll our own.
>>>
>>> Agree with the approach you have outlined on patch and minor releases.
>>>
>>> The topic of deprecation IMHO is the same discussion as when to upgrade
>>>