Several of the other SIGs have a packaging group with ACL permissions on various packages that correspond with their SIG. I think we're to the point with NodeJS packages that it makes sense to make all of the nodejs-* packages part of a NodeJS packaging group, and then add the main NodeJS packagers to said group.
That way, we wouldn't have to request individual ACLs on each of the NodeJS packages should we want to help keep them up to date.
Thoughts? Concerns?
-- Jared Smith
+1
On 11/11/2015 09:17 PM, Jared K. Smith wrote:
Several of the other SIGs have a packaging group with ACL permissions on various packages that correspond with their SIG. I think we're to the point with NodeJS packages that it makes sense to make all of the nodejs-* packages part of a NodeJS packaging group, and then add the main NodeJS packagers to said group.
That way, we wouldn't have to request individual ACLs on each of the NodeJS packages should we want to help keep them up to date.
Thoughts? Concerns?
-- Jared Smith
nodejs mailing list nodejs@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/nodejs
+1
On Nov 11, 2015, at 3:19 PM, Piotr Popieluch piotr1212@gmail.com wrote:
+1
On 11/11/2015 09:17 PM, Jared K. Smith wrote: Several of the other SIGs have a packaging group with ACL permissions on various packages that correspond with their SIG. I think we're to the point with NodeJS packages that it makes sense to make all of the nodejs-* packages part of a NodeJS packaging group, and then add the main NodeJS packagers to said group.
That way, we wouldn't have to request individual ACLs on each of the NodeJS packages should we want to help keep them up to date.
Thoughts? Concerns?
-- Jared Smith
nodejs mailing list nodejs@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/nodejs
nodejs mailing list nodejs@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/nodejs
On 11/11/15 20:17, Jared K. Smith wrote:
Several of the other SIGs have a packaging group with ACL permissions on various packages that correspond with their SIG. I think we're to the point with NodeJS packages that it makes sense to make all of the nodejs-* packages part of a NodeJS packaging group, and then add the main NodeJS packagers to said group.
That way, we wouldn't have to request individual ACLs on each of the NodeJS packages should we want to help keep them up to date.
Thoughts? Concerns?
No concerns at all. This is long overdue! (In the early days of Node.js in Fedora, T.C., Tom Hughes and I were automatically adding each other as co-maintainers for every new SCM request.)
Kind regards, Jamie
On Wed, Nov 11, 2015 at 4:00 PM, Jamie Nguyen j@jamielinux.com wrote:
No concerns at all. This is long overdue! (In the early days of Node.js in Fedora, T.C., Tom Hughes and I were automatically adding each other as co-maintainers for every new SCM request.)
I think that's great, but I hope that if we're not already beyond that point, that we get beyond that point soon. I'll go ahead and file an Infrastructure ticket to get the group created -- and then we can decide who should be a part of the group. Obviously T.C, Tom, and Jamie should be on the list. I'd like to be on the list as well for some of the packaging I'm doing for the IoT SIG, if you trust me.
-- Jared Smith
On Nov 11, 2015, at 5:06 PM, Jared K. Smith jsmith@fedoraproject.org wrote:
On Wed, Nov 11, 2015 at 4:00 PM, Jamie Nguyen j@jamielinux.com wrote: No concerns at all. This is long overdue! (In the early days of Node.js in Fedora, T.C., Tom Hughes and I were automatically adding each other as co-maintainers for every new SCM request.)
I think that's great, but I hope that if we're not already beyond that point, that we get beyond that point soon. I'll go ahead and file an Infrastructure ticket to get the group created -- and then we can decide who should be a part of the group. Obviously T.C, Tom, and Jamie should be on the list. I'd like to be on the list as well for some of the packaging I'm doing for the IoT SIG, if you trust me.
For whatever it's worth, I'll vouch for Jared. He knows what he's doing most of the time and knows enough to ask for help the rest of the time.
-- Jared Smith _______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/nodejs
On 11/11/15 22:07, Stephen Gallagher wrote:
I think that's great, but I hope that if we're not already beyond that point, that we get beyond that point soon. I'll go ahead and file an Infrastructure ticket to get the group created -- and then we can decide who should be a part of the group. Obviously T.C, Tom, and Jamie should be on the list. I'd like to be on the list as well for some of the packaging I'm doing for the IoT SIG, if you trust me.
For whatever it's worth, I'll vouch for Jared. He knows what he's doing most of the time and knows enough to ask for help the rest of the time.
Jared, it's humble of you not to presume that we trust you, but of course we trust you! :-)
Aside from the people already chatting in this thread, I think Troy Dawson and Ralph Bean would be suitable for the list too (and maybe some others that I forgot).
Kind regards, Jamie
On Wed, Nov 11, 2015 at 5:06 PM, Jared K. Smith jsmith@fedoraproject.org wrote:
I'll go ahead and file an Infrastructure ticket to get the group created -- and then we can decide who should be a part of the group
Ticket opened at https://fedorahosted.org/fedora-infrastructure/ticket/4957
-- Jared Smith
I'd like to be in the SIG too, if you don't mind. I maintain Node.js in RHEL and it's in my best interest to keep fedora updated.
Zuzana
----- Original Message ----- From: "Jared K. Smith" jsmith@fedoraproject.org To: "Node.js on Fedora" nodejs@lists.fedoraproject.org Sent: Wednesday, November 11, 2015 10:23:58 PM Subject: Re: Thoughts on a NodeJS packaging group
On Wed, Nov 11, 2015 at 5:06 PM, Jared K. Smith < jsmith@fedoraproject.org > wrote:
I'll go ahead and file an Infrastructure ticket to get the group created -- and then we can decide who should be a part of the group
Ticket opened at https://fedorahosted.org/fedora-infrastructure/ticket/4957
On Wed, Nov 11, 2015 at 5:23 PM, Jared K. Smith jsmith@fedoraproject.org wrote:
Ticket opened at https://fedorahosted.org/fedora-infrastructure/ticket/4957
The new FAS group and packaging group have been setup. This required us setting up a new private nodejs-sig mailing list for the group administrators (to be able to reset the bugzilla password, etc.), and I added most if not all of the main NodeJS packagers to both the FAS group and the mailing list. If I didn't add you please don't be offended -- it was an oversight on my part. Feel free to reach out to me (either directly, or apply through the appropriate interfaces) and I'd be happy to add you.
I've also added group::nodejs-sig as an approved committer on all of my NodeJS packages in Fedora, and encourage everyone here to do the same with their own packages.
Have a great weekend!
-- Jared Smith
On 13/11/15 18:44, Jared K. Smith wrote:
The new FAS group and packaging group have been setup. This required us setting up a new private nodejs-sig mailing list for the group administrators (to be able to reset the bugzilla password, etc.), and I added most if not all of the main NodeJS packagers to both the FAS group and the mailing list. If I didn't add you please don't be offended -- it was an oversight on my part. Feel free to reach out to me (either directly, or apply through the appropriate interfaces) and I'd be happy to add you.
I've also added group::nodejs-sig as an approved committer on all of my NodeJS packages in Fedora, and encourage everyone here to do the same with their own packages.
For anyone reading who might find this useful, this is the command-line I used. (Change the awk regex to match your packages.)
# install pkgdb-cli dnf install packagedb-cli
# get list of packages pkgdb-cli list --user jamielinux | awk '$1 ~ /^node|mocha|uglify-js*|coffee-script|marked|docco|expresso|jasmine|^js-|lessjs|web-assets|ycssmin|npm|libuv/ {print $1}' > pkg.txt
# check contents less pkg.txt
# grant acl for i in $(cat pkg.txt); do pkgdb-cli update \ --approve $i commit group::nodejs-sig all; sleep 0.5s; done
It's running as I type this :)
Kind regards, Jamie
On 13/11/15 18:44, Jared K. Smith wrote:
The new FAS group and packaging group have been setup. This required us setting up a new private nodejs-sig mailing list for the group administrators (to be able to reset the bugzilla password, etc.), and I added most if not all of the main NodeJS packagers to both the FAS group and the mailing list. If I didn't add you please don't be offended -- it was an oversight on my part. Feel free to reach out to me (either directly, or apply through the appropriate interfaces) and I'd be happy to add you.
I've created a koschei group, with everybody that's in the FAS group as admins, and added my packages to it. You can find it here:
https://apps.fedoraproject.org/koschei/groups/tomh/nodejs
I suggest we open an infrastructure ticket to get it promoted to a global group.
If you haven't already enabled koschei for your packages then I'd recommend it - especially if the package has tests working that it works really well as a way of quickly discovering when a change in a dependency has broken things.
Tom
On 14/11/15 11:00, Tom Hughes wrote:
I've created a koschei group, with everybody that's in the FAS group as admins, and added my packages to it. You can find it here:
https://apps.fedoraproject.org/koschei/groups/tomh/nodejs
I suggest we open an infrastructure ticket to get it promoted to a global group.
I've added a whole load more packages to the group now, and filed a ticket to get it promoted:
https://fedorahosted.org/fedora-infrastructure/ticket/4959
Tom
I think we forgot about asking Ralph Bean... :(
@Ralph, would you like to join the nodejs-sig and would you like to give acl access to group::nodejs-sig for your existing nodejs package?
Piotr
On 11/13/2015 07:44 PM, Jared K. Smith wrote:
On Wed, Nov 11, 2015 at 5:23 PM, Jared K. Smith <jsmith@fedoraproject.org mailto:jsmith@fedoraproject.org> wrote:
Ticket opened at https://fedorahosted.org/fedora-infrastructure/ticket/4957The new FAS group and packaging group have been setup. This required us setting up a new private nodejs-sig mailing list for the group administrators (to be able to reset the bugzilla password, etc.), and I added most if not all of the main NodeJS packagers to both the FAS group and the mailing list. If I didn't add you please don't be offended -- it was an oversight on my part. Feel free to reach out to me (either directly, or apply through the appropriate interfaces) and I'd be happy to add you.
I've also added group::nodejs-sig as an approved committer on all of my NodeJS packages in Fedora, and encourage everyone here to do the same with their own packages.
Have a great weekend!
-- Jared Smith
nodejs mailing list nodejs@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/nodejs
On 11/11/15 20:17, Jared K. Smith wrote:
Several of the other SIGs have a packaging group with ACL permissions on various packages that correspond with their SIG. I think we're to the point with NodeJS packages that it makes sense to make all of the nodejs-* packages part of a NodeJS packaging group, and then add the main NodeJS packagers to said group.
That way, we wouldn't have to request individual ACLs on each of the NodeJS packages should we want to help keep them up to date.
I guess that makes sense. The same idea has certainly crossed my mind in the past...
Tom
+1
----- Original Message ----- From: "Tom Hughes" tom@compton.nu To: "Node.js on Fedora" nodejs@lists.fedoraproject.org Sent: Wednesday, November 11, 2015 9:27:50 PM Subject: Re: Thoughts on a NodeJS packaging group
On 11/11/15 20:17, Jared K. Smith wrote:
Several of the other SIGs have a packaging group with ACL permissions on various packages that correspond with their SIG. I think we're to the point with NodeJS packages that it makes sense to make all of the nodejs-* packages part of a NodeJS packaging group, and then add the main NodeJS packagers to said group.
That way, we wouldn't have to request individual ACLs on each of the NodeJS packages should we want to help keep them up to date.
I guess that makes sense. The same idea has certainly crossed my mind in the past...
Tom
On 11/11/15 22:27, Tom Hughes wrote:
I guess that makes sense. The same idea has certainly crossed my mind in the past...
Tom
Yes, it makes sense.
My biggest concern currently is onboarding for new contributors (for node-related packages in Fedora) and docs for users. Both are lacking details. Esp. we'd need some text about the sig itself and how to get into it.
Matthias
Hi,
On Thu, Nov 12, 2015 at 1:47 AM, Jared K. Smith jsmith@fedoraproject.org wrote:
Several of the other SIGs have a packaging group with ACL permissions on various packages that correspond with their SIG. I think we're to the point with NodeJS packages that it makes sense to make all of the nodejs-* packages part of a NodeJS packaging group, and then add the main NodeJS packagers to said group.
That way, we wouldn't have to request individual ACLs on each of the NodeJS packages should we want to help keep them up to date.
Thoughts? Concerns?
This is really nice proposal. We should have nodejs fas group, maybe SIG for NodeJS. I think it should be simple to have on that group people who maintains most of the nodejs packages in Fedora. I also see most of the people participating this discussion are already provenpackagers so they should be already having powers to update nodejs packages in Fedora. I think good to include Zuzana and Piotr on this NodeJS group as they are still not provenpackagers.
Regards, Parag.
On Thu, Nov 12, 2015 at 3:24 AM, Parag Nemade pnemade@redhat.com wrote:
I also see most of the people participating this discussion are already provenpackagers so they should be already having powers to update nodejs packages in Fedora.
That's a good point, and one that I've neglected to bring up. I'm a provenpackager, but until now I've hesitated to just go updating other people's packages without a very compelling reason. I know there's not a lot of technical difference between me updating a package as a provenpackager vs. me updating a package as part of a NodeJS packaging group -- but from a perception standpoint, I feel there's a difference. Maybe it's just me though...
Along that same vein, though, I'll ask the question -- are people OK with me going through and updating some packages to the latest releases (assuming that the latest release still works on our current version of Node itself, and that it doesn't break the dependency chain on other packages)?
For example, the COPR repo I mentioned earlier has updates to probably around 100 or so NodeJS packages in Fedora that I'm working on as part of my efforts to get some IoT tools packaged for Fedora. My selfish short-term goal is to get the apps packaged up in the COPR repo, but the longer-term goal is to get the updated packages pushed back into Fedora so that the apps themselves are packaged directly in Fedora. Also, I'm keen to get NodeJS 4.2 (LTS) packaged and working on Fedora, but that's probably a topic best suited to another mailing list thread.
-- Jared Smith
On 12/11/15 11:51, Jared K. Smith wrote:
Along that same vein, though, I'll ask the question -- are people OK with me going through and updating some packages to the latest releases (assuming that the latest release still works on our current version of Node itself, and that it doesn't break the dependency chain on other packages)?
Well I think the vast majority of mine are already up to date and the ones which aren't have some reason why updating them is a problem that requires more significant effort.
Of course there may be a need to update dependencies in some of them and I think I've already sent you an email about my preferences on that front, namely that what I normally do is to fixdep to the current Fedora version but with a caret prefix.
I do generally prefer to be given a chance to update stuff myself first but so long as people do updates reasonably and don't make a mess of the spec file or anything then it shouldn't be a problem.
It has to be said I'm somewhat wary on this front, mostly because in the majority of previous occasions where somebody has tried to update one of my packages without speaking to me first they've managed to make a mess of it...
Tom
On Thu, Nov 12, 2015 at 1:09 PM, Tom Hughes tom@compton.nu wrote:
On 12/11/15 11:51, Jared K. Smith wrote:
Along that same vein, though, I'll ask the question -- are people OK
with me going through and updating some packages to the latest releases (assuming that the latest release still works on our current version of Node itself, and that it doesn't break the dependency chain on other packages)?
Well I think the vast majority of mine are already up to date and the ones which aren't have some reason why updating them is a problem that requires more significant effort.
Of course there may be a need to update dependencies in some of them and I think I've already sent you an email about my preferences on that front, namely that what I normally do is to fixdep to the current Fedora version but with a caret prefix.
I do generally prefer to be given a chance to update stuff myself first but so long as people do updates reasonably and don't make a mess of the spec file or anything then it shouldn't be a problem.
It has to be said I'm somewhat wary on this front, mostly because in the majority of previous occasions where somebody has tried to update one of my packages without speaking to me first they've managed to make a mess of it...
I did a query on bugzilla yesterday which showed that we have 250 release-monitoring bugs with status "new" for nodejs modules. Some of them are more than 1,5 years old and I don't even think we have release-monitoring enabled for all modules. I've already run into problems with some of my modules depending on new introduced features. So I really would appreciate Jared updating them. I also do understand Tom's concern.
What about first reassinging the release-monitoring bug to yourself, adding a comment that you want to update, wait a day or two, and then update?
Piotr
On Thu, Nov 12, 2015 at 8:04 AM, Piotr Popieluch piotr1212@gmail.com wrote:
What about first reassinging the release-monitoring bug to yourself, adding a comment that you want to update, wait a day or two, and then update?
That sounds like a good idea. I've added notes to several of the bugs, pointing to an updated SRPM in my COPR repo, but so far I haven't had a single response to any of the bug updates. I'll start moving forward with this plan, and see how it goes over the next couple of weeks. To make things a bit more simple, I'm only going to update the packages in Rawhide, unless you all prefer that I update them for F23/F22 as well.
-- Jared Smith
Hi guys, short-time lurker interested in getting more actively involved in helping the Fedora community.
Regarding updating NodeJS -- there's a group called NodeSource that has been actively maintaining the latest versions of NodeJS in RPM format. Should we be leveraging their work, and incorporated that into the upstream repository, or do we need to go about it another way? I've been running their repository for the last few months without any problems; however, I'll admit I'm using npm install instead of dnf install nodejs-* for all my packaging needs.
-- Robert Van Voorhees
On Thu, Nov 12, 2015 at 6:51 AM Jared K. Smith jsmith@fedoraproject.org wrote:
On Thu, Nov 12, 2015 at 3:24 AM, Parag Nemade pnemade@redhat.com wrote:
I also see most of the people participating this discussion are already provenpackagers so they should be already having powers to update nodejs packages in Fedora.
That's a good point, and one that I've neglected to bring up. I'm a provenpackager, but until now I've hesitated to just go updating other people's packages without a very compelling reason. I know there's not a lot of technical difference between me updating a package as a provenpackager vs. me updating a package as part of a NodeJS packaging group -- but from a perception standpoint, I feel there's a difference. Maybe it's just me though...
Along that same vein, though, I'll ask the question -- are people OK with me going through and updating some packages to the latest releases (assuming that the latest release still works on our current version of Node itself, and that it doesn't break the dependency chain on other packages)?
For example, the COPR repo I mentioned earlier has updates to probably around 100 or so NodeJS packages in Fedora that I'm working on as part of my efforts to get some IoT tools packaged for Fedora. My selfish short-term goal is to get the apps packaged up in the COPR repo, but the longer-term goal is to get the updated packages pushed back into Fedora so that the apps themselves are packaged directly in Fedora. Also, I'm keen to get NodeJS 4.2 (LTS) packaged and working on Fedora, but that's probably a topic best suited to another mailing list thread.
-- Jared Smith _______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/nodejs
On 12/11/15 12:36, Robert Van Voorhees wrote:
Regarding updating NodeJS -- there's a group called NodeSource that has been actively maintaining the latest versions of NodeJS in RPM format. Should we be leveraging their work, and incorporated that into the upstream repository, or do we need to go about it another way? I've been running their repository for the last few months without any problems; however, I'll admit I'm using npm install instead of dnf install nodejs-* for all my packaging needs.
I'm not really sure what you mean... I mean we already have it packaged, it just needs updating. It's unlikely that a third party package that likely doesn't follow Fedora packaging guidelines will be a huge amount of help.
I haven't been involved in packaging nodejs itself, but I think the main issue is normally making sure that a compatible v8 is used.
Updating the npm stack is probably a bigger challenge.
Tom
On Thu, Nov 12, 2015 at 9:24 AM, Parag Nemade pnemade@redhat.com wrote:
Hi,
On Thu, Nov 12, 2015 at 1:47 AM, Jared K. Smith jsmith@fedoraproject.org wrote:
Several of the other SIGs have a packaging group with ACL permissions on various packages that correspond with their SIG. I think we're to the point with NodeJS packages that it makes sense to make all of the nodejs-* packages part of a NodeJS packaging group, and then add the main NodeJS packagers to said group.
That way, we wouldn't have to request individual ACLs on each of the NodeJS packages should we want to help keep them up to date.
Thoughts? Concerns?
This is really nice proposal. We should have nodejs fas group, maybe SIG for NodeJS. I think it should be simple to have on that group people who maintains most of the nodejs packages in Fedora. I also see most of the people participating this discussion are already provenpackagers so they should be already having powers to update nodejs packages in Fedora. I think good to include Zuzana and Piotr on this NodeJS group as they are still not provenpackagers.
Regards, Parag.
Yes, I would like to join as well to be able to help out with updating modules.
nodejs mailing list nodejs@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/nodejs
nodejs@lists.fedoraproject.org
-
Jamie Nguyen -
Jared K. Smith -
Matthias Runge -
Parag Nemade -
Piotr Popieluch -
Robert Van Voorhees -
Stephen Gallagher -
Tom Hughes -
Zuzana Svetlikova