Strategy for Node.js upgrade in EPEL 7

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Apologies for the re-send, but I typoed the epel-devel email address on the
first try.

On 09/13/2016 09:27 AM, Stephen Gallagher wrote:
> Yesterday, I built the latest upstream version of Node.js for EPEL 7 (this
> version will be supported until 2019-04-01)
> 
> I have added it to the buildroot overrides so that anyone can rebuild their npm
> modules at will. This *is* an API/ABI-breaking upgrade, so some modules will
> fail to function on this version. We don't know ahead of time which ones will do
> so, except for binary modules.
> 
> I am electing *not* to build in a side-tag for this. Many of the noarch packages
> will just work (or they won't, and a rebuild wouldn't help us detect this). I am
> therefore putting out a request to anyone using nodejs-* packages in EPEL to
> please install nodejs from epel-testing[2] and help us find any issues before
> October.
> 
> If you maintain a nodejs-* package in EPEL, please test that it continues to
> work with Node.js 6.x. If it does not, please update it and build it in Koji. If
> the update is compatible with 0.10.x, feel free to submit it to Bodhi; if it is
> not (or you simply want to push them all together), please notify me directly I
> will add it to the Bodhi update for nodejs so that it goes stable at the same
> time as the interpreter.
> 
> 
> 
> Due to upstream terminating support for 0.10.x on 2016-10-01, we *will* be
> cutting over to 6.x on or around that date, so this testing request is
> time-sensitive.
> 
> 
> [1] There's a long story behind this, but the short version is that the bundling
> style of npm makes it basically impossible to maintain, as even bugfix releases
> result in a huge tangled mess of dependencies. It is infeasible to keep up with
> bugfix and security updates. Node.js upstream is highly responsible and
> responsive about security issues, so we considered it an acceptable risk to
> bundle npm with the main package.
> 
> [2] https://copr.fedorainfracloud.org/coprs/g/nodejs-sig/nodejs-epel/ also has
> it, if your epel-testing mirrors don't have it yet.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
epel-devel mailing list
epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
https://lists.fedoraproject.org/admin/lists/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Announce]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Linux Apps]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux