[Koha-devel] Adopting CPAN and Carton
Chris Cormack
chrisc at catalyst.net.nz
Tue Jun 16 22:19:39 CEST 2020
On 15/06/20 10:59 pm, Renvoize, Martin wrote:
> A couple of things
>
> 1) You can already test koha using all the latest Perl dependencies from
> cpan using koha-testing-docker (Just set CPAN=1 in your environment
> before calling ku).. and I set this to run periodically on Jenkins
> 2) Carton takes snapshots to 'fix' your dependencies at specific
> versions.. all Perl dependencies, not just those you list in the
> cpanfile.. The idea is you use carton to ensure you match exactly what
> other developers are using, and track that list in git so you can
> upgrade en masse.
>
> I can see arguments for both cases. I argued against using Mojolicious
> and the OpenAPI plugin at the time because I knew the projects well and
> they are fast-moving and as such being 'stuck' on the Debian packages or
> stuck maintaining our own Debian packages is forever a challenge (and
> I've been proved right on that count a few times now).
Counter counter point, and why we should be using stable packages
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962318
I think we are spread thin enough as it is, and we should be using
versions already packaged.
Chris
>
> Just my two pence to add to the conversation.
>
>
> *Martin Renvoize*
> Development Team Manager
>
> Community Release Manager (19.11, 20.05)
>
> On Thu, 11 Jun 2020 at 00:59, <dcook at prosentient.com.au> wrote:
>
> Sourcing Perl dependencies via Debian's Apt repositories or embedded
> CPAN dependencies wouldn't affect your "aptitude update/upgrade", as
> Koha would've been tested ahead of time before being released.
>
> Perl and npm are apples and oranges. Perl is to Node.js as carton is
> to npm. There are good and bad packages in both ecosystems.
>
> But Debian Perl package maintainers are very useful. My favourite
> example is HTTP::OAI. Tim Brody's HTTP::OAI version 4.03 on CPAN was
> broken. The version in Debian stayed on 3.27 for a while, and then
> when 4.03+ was added to Debian, it included patches from a Debian
> package maintainer. (Actually, looking at CPAN now, it seems like
> someone else has also finally taken over HTTP::OAI from Tim Brody,
> which is promising.)
>
> If we didn't use Debian packages, I suppose we would've stayed at
> 3.27 until the CPAN version was fixed.
>
> David Cook
> Systems Librarian
> Prosentient Systems
>
> -----Original Message-----
> From: Koha-devel <koha-devel-bounces at lists.koha-community.org> On Behalf Of Mike Lake
> Sent: Wednesday, 10 June 2020 6:04 PM
> To: koha-devel at lists.koha-community.org
> Subject: Re: [Koha-devel] Adopting CPAN and Carton
>
> Plus for Chris's view on this.
>
> As a sys admin that maintains a Koha for an org I want to be able to
> "aptitude update/upgrade" without problems and do a future
> dist-upgrade with few problems.
>
> Perl is pretty stable (vastly stable compared to npm packages) but
> there are occasionally patches that come through. It's preferable
> for a Debian Perl package maintainer to manage that I think.
>
> Mike
> ---
> Mike Lake
>
> On 2020-06-10 17:49, Chris Cormack wrote:
> > Hi all
> >
> > Just want to put on record my thoughts that replacing the package
> > architecture with carton or cpan seems like a bad idea.
> > The main benefit of using modules packaged and tested by debian
> > developers is that it is a whole lot of work we don't have to do. It
> > comes under the debian perl (who have massive combined knowledge) and
> > the debian security team.
> > If we are going to move away from that someone is going to be needing
> > to follow all the security advisories for all the perl modules we use
> > (must be a hundred or so) and deal with that. It also makes OS
> > upgrades harder.
> >
> > I'm not opposed to having them as an option but replacing the packages
> > with them seems like a step into the utter chaos that is things like
> > npm and the node world.
> >
> > Chris
>
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> <mailto:Koha-devel at lists.koha-community.org>
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/ git :
> http://git.koha-community.org/ bugs : http://bugs.koha-community.org/