[Koha-devel] Adopting CPAN and Carton
dcook at prosentient.com.au
dcook at prosentient.com.au
Wed Jun 17 04:25:31 CEST 2020
Solving the problem as a community sounds good to me.
Can you clarify your previous email, Chris? Are you suggesting that developers should make their code work only with Debian stable versions?
Tomas, I haven't followed the Mojolicious work very closely, but is the issue that different Debian releases supply different versions of Mojolicious? So it's difficult for developers to make the code work with stable versions, when there is no static version due to supporting multiple OS versions?
David Cook
Systems Librarian
Prosentient Systems
72/330 Wattle St
Ultimo, NSW 2007
Australia
Office: 02 9212 0899
Online: 02 8005 0595
-----Original Message-----
From: Koha-devel <koha-devel-bounces at lists.koha-community.org> On Behalf Of Chris Cormack
Sent: Wednesday, 17 June 2020 6:35 AM
To: koha-devel at lists.koha-community.org
Subject: Re: [Koha-devel] Adopting CPAN and Carton
Yep I feel like this is something we need to look at.
Because I feel like we are constantly making more work for ourselves instead of trying to reduce it.
Or pushing all the work from the developers (making the code work with stable versions) onto package/infrastructure managers (packaging and maintaining versions not tested heavily by anyone except us).
I think this is a wider problem that we need to solve as a community.
Chris
On 17/06/20 8:29 am, Tomas Cohen Arazi wrote:
> The problem we have is we are starting to be unable to rely on
> upstream Debian packages due to problematic version changes on our
> deps more often than before. We always pick the debian stable
> versions, but it has become harder and harder to wrap things together
> lately. Mojolicious v6 vs v7 vs v8?
>
>
>
> El mar., 16 jun. 2020 a las 17:20, Chris Cormack
> (<chrisc at catalyst.net.nz <mailto:chrisc at catalyst.net.nz>>) escribió:
>
>
>
> On 15/06/20 10:59 pm, Renvoize, Martin wrote:
> > A couple of things
> >
> > 1) You can already test koha using all the latest Perl
> dependencies from
> > cpan using koha-testing-docker (Just set CPAN=1 in your environment
> > before calling ku).. and I set this to run periodically on Jenkins
> > 2) Carton takes snapshots to 'fix' your dependencies at specific
> > versions.. all Perl dependencies, not just those you list in the
> > cpanfile.. The idea is you use carton to ensure you match exactly what
> > other developers are using, and track that list in git so you can
> > upgrade on mass.
> >
> > I can see arguments for both cases. I argued against using
> Mojolicious
> > and the OpenAPI plugin at the time because I knew the projects
> well and
> > they are fast-moving and as such being 'stuck' on the Debian
> packages or
> > stuck maintaining our own Debian packages is forever a challenge (and
> > I've been proved right on that count a few times now).
>
> Counter counter point, and why we should be using stable packages
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962318
>
> I think we are spread thin enough as it is, and we should be using
> versions already packaged.
>
> Chris
>
> >
> > Just my two pence to add to the conversation.
> >
> >
> > *Martin Renvoize*
> >
> >
> >
> > <https://www.ptfs-europe.com>
> >
> > Development Team Manager
> >
> > Community Release Manager (19.11, 20.05)
> >
> >
> > *Phone:* +44 (0) 1483 378728
> >
> >
> >
> > *Mobile:* +44 (0) 7725 985 636
> >
> > *Email:* martin.renvoize at ptfs-europe.com
> <mailto:martin.renvoize at ptfs-europe.com>
> > <mailto:martin.renvoize at ptfs-europe.com
> <mailto:martin.renvoize at ptfs-europe.com>>
> >
> >
> >
> > *Fax:* +44 (0) 800 756 6384
> >
> >
> >
> >
> > www.ptfs-europe.com <http://www.ptfs-europe.com>
> <https://www.ptfs-europe.com>
> >
> >
> >
> >
> >
> >
> >
> > Registered in the United Kingdom No. 06416372 VAT Reg No. 925
> 7211 30
> >
> >
> > The information contained in this email message may be privileged,
> > confidential and protected from disclosure. If you are not the
> intended
> > recipient, any dissemination, distribution or copying is strictly
> > prohibited. If you think that you have received this email message in
> > error, please email the sender at info at ptfs-europe.com
> <mailto:info at ptfs-europe.com>
> > <mailto:info at ptfs-europe.com <mailto:info at ptfs-europe.com>>
> >
> >
> >
> >
> >
> > On Thu, 11 Jun 2020 at 00:59, <dcook at prosentient.com.au
> <mailto:dcook at prosentient.com.au>
> > <mailto:dcook at prosentient.com.au
> <mailto:dcook at prosentient.com.au>>> wrote:
> >
> > Sourcing Perl dependencies via Debian's Apt repositories or
> embedded
> > CPAN dependencies wouldn't affect your "aptitude
> update/upgrade", as
> > Koha would've been tested ahead of time before being released.
> >
> > Perl and npm are apples and oranges. Perl is to Node.js as
> carton is
> > to npm. There are good and bad packages in both ecosystems.
> >
> > But Debian Perl package maintainers are very useful. My favourite
> > example is HTTP::OAI. Tim Brody's HTTP::OAI version 4.03 on
> CPAN was
> > broken. The version in Debian stayed on 3.27 for a while, and then
> > when 4.03+ was added to Debian, it included patches from a Debian
> > package maintainer. (Actually, looking at CPAN now, it seems like
> > someone else has also finally taken over HTTP::OAI from Tim Brody,
> > which is promising.)
> >
> > If we didn't use Debian packages, I suppose we would've stayed at
> > 3.27 until the CPAN version was fixed.
> >
> > David Cook
> > Systems Librarian
> > Prosentient Systems
> > 72/330 Wattle St
> > Ultimo, NSW 2007
> > Australia
> >
> > Office: 02 9212 0899
> > Online: 02 8005 0595
> >
> > -----Original Message-----
> > From: Koha-devel <koha-devel-bounces at lists.koha-community.org
> <mailto:koha-devel-bounces at lists.koha-community.org>
> > <mailto:koha-devel-bounces at lists.koha-community.org
> <mailto:koha-devel-bounces at lists.koha-community.org>>> On Behalf Of
> > Mike Lake
> > Sent: Wednesday, 10 June 2020 6:04 PM
> > To: koha-devel at lists.koha-community.org
> <mailto:koha-devel at lists.koha-community.org>
> > <mailto:koha-devel at lists.koha-community.org
> <mailto:koha-devel at lists.koha-community.org>>
> > Subject: Re: [Koha-devel] Adopting CPAN and Carton
> >
> > Plus for Chris's view on this.
> >
> > As a sys admin that maintains a Koha for an org I want to be
> able to
> > "aptitude update/upgrade" without problems and do a future
> > dist-upgrade with few problems.
> >
> > Perl is pretty stable (vastly stable compared to npn packages) but
> > there are occasionally patches that come through. It's preferable
> > for a Debian Perl package maintainer to manage that I think.
> >
> > Mike
> > ---
> > Mike Lake
> >
> > On 2020-06-10 17:49, Chris Cormack wrote:
> > > Hi all
> > >
> > > Just want to put on record my thoughts that replacing the
> package
> > > architecture with carton or cpan seems like a bad idea.
> > > The main benefit of using modules packaged and tested by debian
> > > developers is that is a whole lot of work we don't have to
> do. It
> > > comes under the debian perl (who have massive combined
> knowledge) and
> > > the debian security team.
> > > If we are going to move away from that someone is going to
> be needing
> > > to follow all the security advisories for all the perl
> modules we use
> > > (must be a hundred or so) and deal with that. It also makes OS
> > > udgrades harder.
> > >
> > > I'm not opposed to having them as an option but replacing the
> > packages
> > > with them seems like a step into the utter chaos that is
> things like
> > > npm and the node world.
> > >
> > > Chris
> >
> > _______________________________________________
> > Koha-devel mailing list
> > Koha-devel at lists.koha-community.org
> <mailto:Koha-devel at lists.koha-community.org>
> > <mailto:Koha-devel at lists.koha-community.org
> <mailto:Koha-devel at lists.koha-community.org>>
> >
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> > website : http://www.koha-community.org/ git :
> > http://git.koha-community.org/ bugs :
> http://bugs.koha-community.org/
> >
> > _______________________________________________
> > Koha-devel mailing list
> > Koha-devel at lists.koha-community.org
> <mailto:Koha-devel at lists.koha-community.org>
> > <mailto:Koha-devel at lists.koha-community.org
> <mailto:Koha-devel at lists.koha-community.org>>
> >
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> > website : http://www.koha-community.org/
> > git : http://git.koha-community.org/
> > bugs : http://bugs.koha-community.org/
> >
> >
> > _______________________________________________
> > Koha-devel mailing list
> > Koha-devel at lists.koha-community.org
> <mailto:Koha-devel at lists.koha-community.org>
> > https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> > website : http://www.koha-community.org/
> > git : http://git.koha-community.org/
> > bugs : http://bugs.koha-community.org/
> >
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> <mailto:Koha-devel at lists.koha-community.org>
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/
> git : http://git.koha-community.org/
> bugs : http://bugs.koha-community.org/
>
>
>
> --
> Tomás Cohen Arazi
> Theke Solutions (http://theke.io <http://theke.io/>) ✆ +54 9351
> 3513384
> GPG: B2F3C15F
>
> _______________________________________________
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/ git :
> http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
>
_______________________________________________
Koha-devel mailing list
Koha-devel at lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 484 bytes
Desc: not available
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20200617/44394e26/attachment-0001.sig>
More information about the Koha-devel
mailing list