Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement

2017-10-19 Thread Pirate Praveen
On Wednesday 18 October 2017 01:39 PM, Ondřej Surý wrote:
> Also please note that Ruby programs are usually very picky about
> particular versions of their dependencies.
> 
> I call it a "gem hell" and it was a reason why I gave up helping with
> Ruby packaging and switched to redmine from source and bundler. Same for
> gitlab. I believe the time can be spent more productively than tackling
> with upstream with totally different world views.

gitlab upstream is very cooperative and they fund my packaging work
(many months of full time packaging work). They usually are responsive
to requests for updating gem versions. So if another package needs a
newer version of a gem, gitlab folks usually respond to my request for
updating that gem to the version we need.

> Ondřej



-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement

2017-10-19 Thread Pirate Praveen
On Wednesday 18 October 2017 04:08 AM, Nicholas D Steeves wrote:
> Dear Javascript Team,
> 
> Would you please consider maintaining the "numerous [...] nodejs
> modules" necessary for Debian's Alioth replacement to run on a
> Debian-built GitLab package?  We are facing a scenario that confirms
> that Debian packaging is not good enough--even for Debian's own
> infrastructure.

This is already in progress, if more people join, we can speed it up.

> I would join the team, but it would take me weeks/months to learn
> about Javascript and Nodejs, and it seems this transition is imminent.

It would take at most a few days. I have taught many people Nodejs
packaging in a few days. I'd be happy to mentor anyone.

Try to follow https://wiki.debian.org/Javascript/Nodejs/Npm2Deb/Tutorial





Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement

2017-10-19 Thread Paul Wise
On Wed, Oct 18, 2017 at 2:13 PM, Alexander Wirt wrote:

> Please don't get me wrong, but even if gitlab packages are recent tomorrow
> (which I don't think) we won't migrate. The work is done and we have all the
> things in place to maintain them. So please do me a favour and don't mention
> alioth as the reason.

I note that the Debian security team doesn't support libv8, nodejs and
the stack above it.

https://sources.debian.net/src/debian-security-support/2017.06.02/security-support-limited/#L14

In my experience the JavaScript team doesn't appear to be following
the nodesecurity.io security advisories.

https://nodesecurity.io/advisories

What is your plan for avoiding the security issues discovered in
libv8/nodejs and gitlab-related node modules?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise



Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement

2017-10-18 Thread Ondřej Surý
Also please note that Ruby programs are usually very picky about particular
versions of their dependencies.

I call it a "gem hell" and it was a reason why I gave up helping with Ruby
packaging and switched to redmine from source and bundler. Same for gitlab.
I believe the time can be spent more productively than tackling with
upstream with totally different world views.

Ondřej

On Wed, 18 Oct 2017, 08.14 Alexander Wirt wrote:

> On Tue, 17 Oct 2017, Nicholas D Steeves wrote:
>
> > CCing the Javascript Team.
> >
> > Original post on debian-devel, see:
> > Message-Id: <20171016001558.a9c2e92f9155e844f43ce...@paranoici.org>
> >
> > Or alternatively:
> > https://lists.debian.org/debian-devel/2017/10/msg00262.html
> >
> > On Tue, Oct 17, 2017 at 11:32:55PM +0200, Alexander Wirt wrote:
> > > On Tue, 17 Oct 2017, Francesco Poli wrote:
> > >
> > > > On Mon, 16 Oct 2017 04:28:09 + Ondřej Surý wrote:
> > > >
> > > > [...]
> > > > > Francesco, great idea, go ahead. You would be most welcome to help with
> > > > > Debian Ruby Extra packaging.
> > > >
> > > > Unfortunately, I have basically zero knowledge about Rails, JavaScript
> > > > and Node.js: I could not be of much help in packaging GitLab.
> > > >
> > > > What I meant was that the time that will be spent in manually installing,
> > > > manually adapting, and manually upgrading the upstream version, would
> > > > perhaps be better spent in helping the maintainers to keep the Debian
> > > > package up-to-date and in using the Debian package instead of the upstream
> > > > version...
> > > Nope. I know how to setup gitlab, I don't - and I don't want to have
> > > knowledge (and I don't have time to do it) to maintain numerous ruby and
> > > nodejs modules.
> > >
> > > Alex
> > >
> >
> > On 16 October 2017 at 06:52, Pirate Praveen wrote:
> > > On 10/16/2017 03:45 AM, Francesco Poli wrote:
> > >> I would say that this issue with the Debian packages of GitLab should
> > >> be addressed by helping the Debian Ruby Extras Maintainers to improve
> > >> the Debian packages and to keep them more up-to-date.
> > >
> > > gitlab 9.x has switched to using node modules + webpack for front end.
> > > So any help in packaging the node dependencies welcome.
> > >
> > > See https://wiki.debian.org/Javascript/Nodejs/Tasks/gitlab for the
> > > current status.
> > >
> > > Btw all ruby dependencies for 9.5.x are packaged already.
> > >
> >
> > Dear Javascript Team,
> >
> > Would you please consider maintaining the "numerous [...] nodejs
> > modules" necessary for Debian's Alioth replacement to run on a
> > Debian-built GitLab package?  We are facing a scenario that confirms
> > that Debian packaging is not good enough--even for Debian's own
> > infrastructure.
> >
> > I would join the team, but it would take me weeks/months to learn
> > about Javascript and Nodejs, and it seems this transition is imminent.
> >
> > In the worst-case scenario, if that work cannot be completed on time,
> > a deadline should be set for transitioning to official Debian-built
> > packages.  Let's say well before DebConf18 so that it will be well
> > tested for DebCamp.
> >
> > Please reply to debian-devel and CC Francesco Poli <invernom...@paranoici.org>
> Please don't get me wrong, but even if gitlab packages are recent tomorrow
> (which I don't think) we won't migrate. The work is done and we have all the
> things in place to maintain them. So please do me a favour and don't mention
> alioth as the reason.
>
> Alex
>
> --
Ondřej Surý 

Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement

2017-10-18 Thread Alexander Wirt
On Tue, 17 Oct 2017, Nicholas D Steeves wrote:

> CCing the Javascript Team.
> 
> Original post on debian-devel, see:
> Message-Id: <20171016001558.a9c2e92f9155e844f43ce...@paranoici.org>
> 
> Or alternatively:
> https://lists.debian.org/debian-devel/2017/10/msg00262.html
> 
> On Tue, Oct 17, 2017 at 11:32:55PM +0200, Alexander Wirt wrote:
> > On Tue, 17 Oct 2017, Francesco Poli wrote:
> > 
> > > On Mon, 16 Oct 2017 04:28:09 + Ondřej Surý wrote:
> > > 
> > > [...]
> > > > Francesco, great idea, go ahead. You would be most welcome to help with
> > > > Debian Ruby Extra packaging.
> > > 
> > > Unfortunately, I have basically zero knowledge about Rails, JavaScript
> > > and Node.js: I could not be of much help in packaging GitLab.
> > > 
> > > What I meant was that the time that will be spent in manually installing,
> > > manually adapting, and manually upgrading the upstream version, would
> > > perhaps be better spent in helping the maintainers to keep the Debian
> > > > package up-to-date and in using the Debian package instead of the upstream
> > > version...
> > Nope. I know how to setup gitlab, I don't - and I don't want to have
> > knowledge (and I don't have time to do it) to maintain numerous ruby and
> > nodejs modules. 
> > 
> > Alex
> > 
> 
> On 16 October 2017 at 06:52, Pirate Praveen wrote:
> > On 10/16/2017 03:45 AM, Francesco Poli wrote:
> >> I would say that this issue with the Debian packages of GitLab should
> >> be addressed by helping the Debian Ruby Extras Maintainers to improve
> >> the Debian packages and to keep them more up-to-date.
> >
> > gitlab 9.x has switched to using node modules + webpack for front end.
> > So any help in packaging the node dependencies welcome.
> >
> > See https://wiki.debian.org/Javascript/Nodejs/Tasks/gitlab for the
> > current status.
> >
> > Btw all ruby dependencies for 9.5.x are packaged already.
> >
> 
> Dear Javascript Team,
> 
> Would you please consider maintaining the "numerous [...] nodejs
> modules" necessary for Debian's Alioth replacement to run on a
> Debian-built GitLab package?  We are facing a scenario that confirms
> that Debian packaging is not good enough--even for Debian's own
> infrastructure.
> 
> I would join the team, but it would take me weeks/months to learn
> about Javascript and Nodejs, and it seems this transition is imminent.
> 
> In the worst-case scenario, if that work cannot be completed on time,
> a deadline should be set for transitioning to official Debian-built
> packages.  Let's say well before DebConf18 so that it will be well
> tested for DebCamp.
> 
> Please reply to debian-devel and CC Francesco Poli 
Please don't get me wrong, but even if gitlab packages are recent tomorrow
(which I don't think) we won't migrate. The work is done and we have all the
things in place to maintain them. So please do me a favour and don't mention
alioth as the reason.

Alex




Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement

2017-10-18 Thread Nicholas D Steeves
CCing the Javascript Team.

Original post on debian-devel, see:
Message-Id: <20171016001558.a9c2e92f9155e844f43ce...@paranoici.org>

Or alternatively:
https://lists.debian.org/debian-devel/2017/10/msg00262.html

On Tue, Oct 17, 2017 at 11:32:55PM +0200, Alexander Wirt wrote:
> On Tue, 17 Oct 2017, Francesco Poli wrote:
> 
> > On Mon, 16 Oct 2017 04:28:09 + Ondřej Surý wrote:
> > 
> > [...]
> > > Francesco, great idea, go ahead. You would be most welcome to help with
> > > Debian Ruby Extra packaging.
> > 
> > Unfortunately, I have basically zero knowledge about Rails, JavaScript
> > and Node.js: I could not be of much help in packaging GitLab.
> > 
> > What I meant was that the time that will be spent in manually installing,
> > manually adapting, and manually upgrading the upstream version, would
> > perhaps be better spent in helping the maintainers to keep the Debian
> > package up-to-date and in using the Debian package instead of the upstream
> > version...
> Nope. I know how to setup gitlab, I don't - and I don't want to have
> knowledge (and I don't have time to do it) to maintain numerous ruby and
> nodejs modules. 
> 
> Alex
> 

On 16 October 2017 at 06:52, Pirate Praveen wrote:
> On 10/16/2017 03:45 AM, Francesco Poli wrote:
>> I would say that this issue with the Debian packages of GitLab should
>> be addressed by helping the Debian Ruby Extras Maintainers to improve
>> the Debian packages and to keep them more up-to-date.
>
> gitlab 9.x has switched to using node modules + webpack for front end.
> So any help in packaging the node dependencies welcome.
>
> See https://wiki.debian.org/Javascript/Nodejs/Tasks/gitlab for the
> current status.
>
> Btw all ruby dependencies for 9.5.x are packaged already.
>

Dear Javascript Team,

Would you please consider maintaining the "numerous [...] nodejs
modules" necessary for Debian's Alioth replacement to run on a
Debian-built GitLab package?  We are facing a scenario that confirms
that Debian packaging is not good enough--even for Debian's own
infrastructure.

I would join the team, but it would take me weeks/months to learn
about Javascript and Nodejs, and it seems this transition is imminent.

In the worst-case scenario, if that work cannot be completed on time,
a deadline should be set for transitioning to official Debian-built
packages.  Let's say well before DebConf18 so that it will be well
tested for DebCamp.

Please reply to debian-devel and CC Francesco Poli 

Sincerely,
Nicholas

