Hi,
since nodejs currently present in EPEL is archaic and going EOL in ~7w, it might be time to finally update it. If anyone has any comments or suggestions, I'm all ears. Otherwise I'll start with the update tomorrow or on Friday.
Regards
Zuzka
On 08/10/2016 05:29 AM, Zuzana Svetlikova wrote:
Hi,
since nodejs currently present in EPEL is archaic and going EOL in ~7w, it might be time to finally update it. If anyone has any comments or suggestions, I'm all ears. Otherwise I'll start with the update tomorrow or on Friday.
To which version are you planning to update? I'd have a slight preference to making the move to Node.js 6.x rather than 4.x at this point, since that is going to be declared the active LTS version at the same point that the 0.10.x version goes EOL. That will mean that we get a full thirty months of support on it, vs the eighteen we will get out of Node.js 4.x.
We need to consider how we're going to do this as well. We will need to figure out in advance which packages in EPEL will need to be rebuilt simultaneously (all of the native modules will) and make sure we stick them into the same Bodhi erratum.
I would also recommend that we prep for this but only release the 6.x EPEL package on 2016-10-01 with the upstream release that they declare LTS, that way we have confidence we aren't shipping anything in EPEL that is going to change. (I suppose we could also start prepping it in updates-testing for a while but not allow it to go stable before that date, of course).
Lastly, we should consider what to do for the future. It might be time (at least in EPEL, possibly in Fedora) to consider whether we might want to look into parallel (or at least conflicting) installation of different versions of the interpreter into releases. Given the way Node.js functions, I suspect that we could build up a mechanism to build multiple subpackages for the native modules that would run with each of the interpreters.
The various versions don't necessarily need to parallel-install, but that would be ideal. (Using the alternatives system to pick which one gets /usr/bin/node and have the others be /usr/bin/node4 and /usr/bin/node6, etc.
I originally planned updating to v4, however, 6.x seems like a good idea.
So, multiple errata for nodejs/native modules/npm, or one to rule them all? There is ~700 nodejs packages in EPEL and I don't really know, if the rest are dependencies of some bigger application or just random modules.
I can imagine having two versions in Fedora (although I can't really see the use case), but having two node interpreters in EPEL means that one eventually goes EOL.
----- Original Message ----- From: "Stephen Gallagher" sgallagh@redhat.com To: nodejs@lists.fedoraproject.org Sent: Wednesday, August 10, 2016 1:43:46 PM Subject: Re: Updating EPEL
On 08/10/2016 05:29 AM, Zuzana Svetlikova wrote:
Hi,
since nodejs currently present in EPEL is archaic and going EOL in ~7w, it might be time to finally update it. If anyone has any comments or suggestions, I'm all ears. Otherwise I'll start with the update tomorrow or on Friday.
To which version are you planning to update? I'd have a slight preference to making the move to Node.js 6.x rather than 4.x at this point, since that is going to be declared the active LTS version at the same point that the 0.10.x version goes EOL. That will mean that we get a full thirty months of support on it, vs the eighteen we will get out of Node.js 4.x.
We need to consider how we're going to do this as well. We will need to figure out in advance which packages in EPEL will need to be rebuilt simultaneously (all of the native modules will) and make sure we stick them into the same Bodhi erratum.
I would also recommend that we prep for this but only release the 6.x EPEL package on 2016-10-01 with the upstream release that they declare LTS, that way we have confidence we aren't shipping anything in EPEL that is going to change. (I suppose we could also start prepping it in updates-testing for a while but not allow it to go stable before that date, of course).
Lastly, we should consider what to do for the future. It might be time (at least in EPEL, possibly in Fedora) to consider whether we might want to look into parallel (or at least conflicting) installation of different versions of the interpreter into releases. Given the way Node.js functions, I suspect that we could build up a mechanism to build multiple subpackages for the native modules that would run with each of the interpreters.
The various versions don't necessarily need to parallel-install, but that would be ideal. (Using the alternatives system to pick which one gets /usr/bin/node and have the others be /usr/bin/node4 and /usr/bin/node6, etc.
_______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
On 08/10/2016 10:02 AM, Zuzana Svetlikova wrote:
I originally planned updating to v4, however, 6.x seems like a good idea.
So, multiple errata for nodejs/native modules/npm, or one to rule them all? There is ~700 nodejs packages in EPEL and I don't really know, if the rest are dependencies of some bigger application or just random modules.
We don't need to rebuild all the packages, just the ones that have a requirement on nodejs(v8-abi), I think.
Looking through a repoquery on Fedora (which has a lot more packages), we don't have any packages that explicitly don't work with v6, either) ``` dnf repoquery --whatrequires "nodejs(engine)" --requires \ | sort -u \ |grep "nodejs(engine)" ```
I can imagine having two versions in Fedora (although I can't really see the use case), but having two node interpreters in EPEL means that one eventually goes EOL.
Honestly, I think the reverse makes more sense. Fedora should only have a single version for each release, but EPEL should probably always carry both supported LTS releases if we can manage it. It will provide people with an opportunity to migrate on their own schedule. I don't love that we're forcing the 0.10.x -> 6.x jump here, but 0.10.x is going EOL, so we don't have a lot of choices.
On 08/10/2016 11:29 AM, Zuzana Svetlikova wrote:
Hi,
since nodejs currently present in EPEL is archaic and going EOL in ~7w, it might be time to finally update it. If anyone has any comments or suggestions, I'm all ears. Otherwise I'll start with the update tomorrow or on Friday.
Could you please wait for these two security updates to land in stable before creating updates in bodhi?
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c4204e07c1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-36216b1c0b
I don't want users to be stuck with a vulnerable 10.x version until they had enough time to test an upgrade to 4.x / 6.x.
Regards
Zuzka _______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
Could you please wait for these two security updates to land in stable before creating updates in bodhi?
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c4204e07c1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-36216b1c0b
I don't want users to be stuck with a vulnerable 10.x version until they had enough time to test an upgrade to 4.x / 6.x.
Sure, I don't think the update will be fully ready by then, anyway.
----- Original Message ----- From: "Piotr Popieluch" piotr1212@gmail.com To: "Node.js on Fedora" nodejs@lists.fedoraproject.org Sent: Wednesday, August 10, 2016 9:57:52 PM Subject: Re: Updating EPEL
On 08/10/2016 11:29 AM, Zuzana Svetlikova wrote:
Hi,
since nodejs currently present in EPEL is archaic and going EOL in ~7w, it might be time to finally update it. If anyone has any comments or suggestions, I'm all ears. Otherwise I'll start with the update tomorrow or on Friday.
Could you please wait for these two security updates to land in stable before creating updates in bodhi?
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c4204e07c1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-36216b1c0b
I don't want users to be stuck with a vulnerable 10.x version until they had enough time to test an upgrade to 4.x / 6.x.
Regards
Zuzka _______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
_______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
nodejs@lists.fedoraproject.org
-
Piotr Popieluch -
Stephen Gallagher -
Zuzana Svetlikova