Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement
On ബുധന് 18 ഒക്ടോബര് 2017 01:39 വൈകു, Ondřej Surý wrote: > Also please note that Ruby programs are usually very picky about > particular versions of their dependencies. > > I call it a "gem hell" and it was a reason why I gave up helping with > Ruby packaging and switched to redmine from source and bundler. Same for > gitlab. I believe the time can be spent more productively than tackling > with upstream with totally different world views. gitlab upstream is very cooperative and they fund my packaging work (many months of full time packaging work). They usually are responsive to requests for updating gem versions. So if another package needs a newer version of a gem, gitlab folks usually respond to my request for updating that gem to the version we need. > Ondřej signature.asc Description: OpenPGP digital signature -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement
On ബുധന് 18 ഒക്ടോബര് 2017 04:08 രാവിലെ, Nicholas D Steeves wrote: > Dear Javascript Team, > > Would you please consider maintaining the "numerous [...] nodejs > modules" necessary for Debian's Alioth replacement to run on a > Debian-built GitLab package? We are facing a scenario that confirms > that Debian packaging is not good enough--even for Debian's own > infrastructure. This is already in progress, if more people joins, we can speed it up. > I would join the team, but it would take me weeks/months to learn > about Javascript and Nodejs, and it seems this transition is imminent. It would take at most a few days. I have taught many people Nodejs packaging in few days. I'd be happy to mentor anyone. Try to follow https://wiki.debian.org/Javascript/Nodejs/Npm2Deb/Tutorial signature.asc Description: OpenPGP digital signature -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement
On Wed, Oct 18, 2017 at 2:13 PM, Alexander Wirt wrote: > Please don't get me wrong, but even if gitlab packages are recent tomorrow > (which I > don't think) we won't migrate. The work is done and we have all the things in > place to maintain them. So please do me a favour and don't mention alioth as > the reason. I note that the Debian security team doesn't support libv8, nodejs and the stack above it. https://sources.debian.net/src/debian-security-support/2017.06.02/security-support-limited/#L14 In my experience the JavaScript team doesn't appear to be following the nodesecurity.io security advisories. https://nodesecurity.io/advisories What is your plan for avoiding the security issues discovered in libv8/nodejs and gitlab-related node modules? -- bye, pabs https://wiki.debian.org/PaulWise -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement
Also please note that Ruby programs are usually very picky about particular versions of their dependencies. I call it a "gem hell" and it was a reason why I gave up helping with Ruby packaging and switched to redmine from source and bundler. Same for gitlab. I believe the time can be spent more productively than tackling with upstream with totally different world views. Ondřej On Wed, 18 Oct 2017, 08.14 Alexander Wirt,wrote: > On Tue, 17 Oct 2017, Nicholas D Steeves wrote: > > > CCing the Javascript Team. > > > > Original post on debian-devel, see: > > Message-Id: <20171016001558.a9c2e92f9155e844f43ce...@paranoici.org> > > > > Or alternatively: > > https://lists.debian.org/debian-devel/2017/10/msg00262.html > > > > On Tue, Oct 17, 2017 at 11:32:55PM +0200, Alexander Wirt wrote: > > > On Tue, 17 Oct 2017, Francesco Poli wrote: > > > > > > > On Mon, 16 Oct 2017 04:28:09 + Ondřej Surý wrote: > > > > > > > > [...] > > > > > Francesco, great idea, go ahead. You would be most welcome to help > with > > > > > Debian Ruby Extra packaging. > > > > > > > > Unfortunately, I have basically zero knowledge about Rails, > JavaScript > > > > and Node.js: I could not be of much help in packaging GitLab. > > > > > > > > What I meant was that the time that will be spent in manually > installing, > > > > manually adapting, and manually upgrading the upstream version, would > > > > perhaps be better spent in helping the maintainers to keep the Debian > > > > package up-to-date and in using the Debian package in stead of the > upstream > > > > version... > > > Nope. I know how to setup gitlab, I don't - and I don't want to have > > > knowledge (and I don't have time to do it) to maintain numerous ruby > and > > > nodejs modules. > > > > > > Alex > > > > > > > On 16 October 2017 at 06:52, Pirate Praveen > wrote: > > > On 10/16/2017 03:45 AM, Francesco Poli wrote: > > >> I would say that this issue with the Debian packages of GitLab should > > >> be addressed by helping the Debian Ruby Extras Maintainers to improve > > >> the Debian packages and to keep them more up-to-date. > > > > > > gitlab 9.x has switched to using node modules + webpack for front end. > > > So any help in packaging the node dependencies welcome. > > > > > > See https://wiki.debian.org/Javascript/Nodejs/Tasks/gitlab for the > > > current status. > > > > > > Btw all ruby dependencies for 9.5.x are packaged already. > > > > > > > Dear Javascript Team, > > > > Would you please consider maintaining the "numerous [...] nodejs > > modules" necessary for Debian's Alioth replacement to run on a > > Debian-built GitLab package? We are facing a scenario that confirms > > that Debian packaging is not good enough--even for Debian's own > > infrastructure. > > > > I would join the team, but it would take me weeks/months to learn > > about Javascript and Nodejs, and it seems this transition is imminent. > > > > In the worst-case scenario, if that work cannot be completed on time, > > a deadline should be set for transitioning to official Debian-built > > packages. Let's say well before DebConf18 so that it will be well > > tested for DebCamp. > > > > Please reply to debian-devel and CC Francesco Poli < > invernom...@paranoici.org> > Please don't get me wrong, but even if gitlab packages are recent tomorrow > (which I > don't think) we won't migrate. The work is done and we have all the things > in > place to maintain them. So please do me a favour and don't mention alioth > as > the reason. > > Alex > > -- Ondřej Surý -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement
On Tue, 17 Oct 2017, Nicholas D Steeves wrote: > CCing the Javascript Team. > > Original post on debian-devel, see: > Message-Id: <20171016001558.a9c2e92f9155e844f43ce...@paranoici.org> > > Or alternatively: > https://lists.debian.org/debian-devel/2017/10/msg00262.html > > On Tue, Oct 17, 2017 at 11:32:55PM +0200, Alexander Wirt wrote: > > On Tue, 17 Oct 2017, Francesco Poli wrote: > > > > > On Mon, 16 Oct 2017 04:28:09 + Ondřej Surý wrote: > > > > > > [...] > > > > Francesco, great idea, go ahead. You would be most welcome to help with > > > > Debian Ruby Extra packaging. > > > > > > Unfortunately, I have basically zero knowledge about Rails, JavaScript > > > and Node.js: I could not be of much help in packaging GitLab. > > > > > > What I meant was that the time that will be spent in manually installing, > > > manually adapting, and manually upgrading the upstream version, would > > > perhaps be better spent in helping the maintainers to keep the Debian > > > package up-to-date and in using the Debian package in stead of the > > > upstream > > > version... > > Nope. I know how to setup gitlab, I don't - and I don't want to have > > knowledge (and I don't have time to do it) to maintain numerous ruby and > > nodejs modules. > > > > Alex > > > > On 16 October 2017 at 06:52, Pirate Praveenwrote: > > On 10/16/2017 03:45 AM, Francesco Poli wrote: > >> I would say that this issue with the Debian packages of GitLab should > >> be addressed by helping the Debian Ruby Extras Maintainers to improve > >> the Debian packages and to keep them more up-to-date. > > > > gitlab 9.x has switched to using node modules + webpack for front end. > > So any help in packaging the node dependencies welcome. > > > > See https://wiki.debian.org/Javascript/Nodejs/Tasks/gitlab for the > > current status. > > > > Btw all ruby dependencies for 9.5.x are packaged already. > > > > Dear Javascript Team, > > Would you please consider maintaining the "numerous [...] nodejs > modules" necessary for Debian's Alioth replacement to run on a > Debian-built GitLab package? We are facing a scenario that confirms > that Debian packaging is not good enough--even for Debian's own > infrastructure. > > I would join the team, but it would take me weeks/months to learn > about Javascript and Nodejs, and it seems this transition is imminent. > > In the worst-case scenario, if that work cannot be completed on time, > a deadline should be set for transitioning to official Debian-built > packages. Let's say well before DebConf18 so that it will be well > tested for DebCamp. > > Please reply to debian-devel and CC Francesco Poli Please don't get me wrong, but even if gitlab packages are recent tomorrow (which I don't think) we won't migrate. The work is done and we have all the things in place to maintain them. So please do me a favour and don't mention alioth as the reason. Alex signature.asc Description: PGP signature -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement
CCing the Javascript Team. Original post on debian-devel, see: Message-Id: <20171016001558.a9c2e92f9155e844f43ce...@paranoici.org> Or alternatively: https://lists.debian.org/debian-devel/2017/10/msg00262.html On Tue, Oct 17, 2017 at 11:32:55PM +0200, Alexander Wirt wrote: > On Tue, 17 Oct 2017, Francesco Poli wrote: > > > On Mon, 16 Oct 2017 04:28:09 + Ondřej Surý wrote: > > > > [...] > > > Francesco, great idea, go ahead. You would be most welcome to help with > > > Debian Ruby Extra packaging. > > > > Unfortunately, I have basically zero knowledge about Rails, JavaScript > > and Node.js: I could not be of much help in packaging GitLab. > > > > What I meant was that the time that will be spent in manually installing, > > manually adapting, and manually upgrading the upstream version, would > > perhaps be better spent in helping the maintainers to keep the Debian > > package up-to-date and in using the Debian package in stead of the upstream > > version... > Nope. I know how to setup gitlab, I don't - and I don't want to have > knowledge (and I don't have time to do it) to maintain numerous ruby and > nodejs modules. > > Alex > On 16 October 2017 at 06:52, Pirate Praveenwrote: > On 10/16/2017 03:45 AM, Francesco Poli wrote: >> I would say that this issue with the Debian packages of GitLab should >> be addressed by helping the Debian Ruby Extras Maintainers to improve >> the Debian packages and to keep them more up-to-date. > > gitlab 9.x has switched to using node modules + webpack for front end. > So any help in packaging the node dependencies welcome. > > See https://wiki.debian.org/Javascript/Nodejs/Tasks/gitlab for the > current status. > > Btw all ruby dependencies for 9.5.x are packaged already. > Dear Javascript Team, Would you please consider maintaining the "numerous [...] nodejs modules" necessary for Debian's Alioth replacement to run on a Debian-built GitLab package? We are facing a scenario that confirms that Debian packaging is not good enough--even for Debian's own infrastructure. I would join the team, but it would take me weeks/months to learn about Javascript and Nodejs, and it seems this transition is imminent. In the worst-case scenario, if that work cannot be completed on time, a deadline should be set for transitioning to official Debian-built packages. Let's say well before DebConf18 so that it will be well tested for DebCamp. Please reply to debian-devel and CC Francesco Poli Sincerely, Nicholas signature.asc Description: PGP signature -- Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel