cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Josh Soref <jso...@blackberry.com>
Subject Re: Browserify JS is in
Date Mon, 15 Dec 2014 15:37:55 GMT
We need to do a license review. While ideally it would be addressed by Apache's license review,
the way our process works, it isn't, so we get to look at all of the code blobs that we would
be "importing" (all dependencies) and identify where they're from and what their license is.
Then after that we get to make sure that their licenses are compatible. And then we get to
update a file which tries to explain to our users how the licenses impact them. (In general,
the answer is "no impact", but the problem is that there's a process before we get to that
point, it can easily burn a person-week.)

Note that I'm not opposed to any particular direction, just commenting to Andrew's point about
there being potential overhead in anything that happens, but especially involving new components.

Also, the same would apply for any new component, and in principle, it's a one-off thing,
so as long as we don't add component A for release 1, replace it with component B for release
2, and replace it with component C for release 3, then it's just a single week's cost for
the three releases and is only paid for that first release. The churn is more of a problem
for us (and we only pay for it if we choose to do a release, we do fewer releases than Cordova
or probably most of the other derivatives).

________________________________________________________________________
From: Andrew Grieve <agrieve@chromium.org<mailto:agrieve@chromium.org>>
Date: Mon Dec 15 2014 10:28:47 GMT-0500 (EST)
To: dev <dev@cordova.apache.org<mailto:dev@cordova.apache.org>>
Subject: Re: Browserify JS is in

Maybe most other companies are not in the same boat, but at Google we can't add any software
to our build process without it all being checked into source control (and reviewed). Currently
NPM is our biggest dependency, but thankfully we use that only for fetching (and so don't
need it if we
already have things locally). We launched an app (Primer) a few months ago, and as a part
of that I had to re-write some of cordova-lib in Python (was actually not that bad). So, I'm
really trying to figure out what the goals of browserify are in case I need to re-implement
it (Gorkem will also have to re-implement it in Java for Thyme)

I *think* we're at:

1. To concatenate cordova-js with plugin JS
2. To trim away modules from cordova-js that are not used by plugins & the active platform

Sound good? Complete list?




On Mon, Dec 15, 2014 at 9:25 AM, Michal Mocny <mmocny@chromium.org<mailto:mmocny@chromium.org>>
wrote:

> Thanks Steven.
>
> On Mon, Dec 15, 2014 at 12:15 AM, Steven Gill <stevengill97@gmail.com<mailto:stevengill97@gmail.com>>
> wrote:
> >
> > For the lazy: cordova_plugins.js discussion
> > https://issues.apache.org/jira/plugins/servlet/mobile#issue/CB-8153 > > On
Dec 14, 2014 6:58 PM, "Michal Mocny" <mmocny@chromium.org<mailto:mmocny@chromium.org>>
wrote: > >
> > > Lets discuss the cordova_plugins.js thing elsewhere, this thread has > >
forked
> > > a lot already.
> > >
> > > On Sun, Dec 14, 2014 at 6:22 PM, Carlos Santana <csantana23@gmail.com<mailto:csantana23@gmail.com>>
> > > wrote:
> > > >
> > > > This is the part that I like the most:
> > > > "and start
> > > > writing plugins as proper node modules. Maybe even push them to npm >
and
> > > > manage dependencies that way."
> > > >
> > > > Agree with having less XHR, and concatenate cordova + plugins. > >
> > Not in love with cordova_plugins.js to know what plugins are included > >
in
> > > > the app, would prefer to see a package.json with all software that >
was
> > > use
> > > > to build the app, and maybe one day could a be a real valid
> > pacakge.json
> > > > that can be use to pull down dependencies.
> > > >
> > > > The same way we depend on npm, elementree, and dozen more npm modules
> > > that
> > > > our platforms and cli depend on, we don't distribute browserfy will >
be
> > > just
> > > > another one.
> > > > One thing I will consider with browserfy if there is a any code > coming
> > > from
> > > > browserfy like the bootstrap code that contains the require function,
> > > then
> > > > maybe only this code get's legally review as it going to be part of >
the
> > > App
> > > > that developer builds with cordova.
> > > >
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > On Fri, Dec 12, 2014 at 5:34 PM, Brian LeRoux <b@brian.io<mailto:b@brian.io>>
wrote: > > > > >
> > > > > yeah we are *not* proposing to distribute browserify or its deps
> > > > >
> > > > > On Fri, Dec 12, 2014 at 1:38 PM, Joe Bowser <bowserj@gmail.com<mailto:bowserj@gmail.com>>
> > wrote:
> > > > >
> > > > > > What are we actually distributing?
> > > > > >
> > > > > > On Fri Dec 12 2014 at 12:36:03 PM Andrew Grieve <
> > > agrieve@chromium.org<mailto:agrieve@chromium.org>>
> > > > > > wrote:
> > > > > >
> > > > > > > On Fri, Dec 12, 2014 at 1:51 PM, Joe Bowser <bowserj@gmail.com<mailto:bowserj@gmail.com>
> >
> > > > wrote:
> > > > > > >
> > > > > > > > On Fri Dec 12 2014 at 10:25:51 AM Andrew Grieve <
> > > > > agrieve@chromium.org<mailto:agrieve@chromium.org>>
> > > > > > > > wrote:
> > > > > > > >
> > > > > > > > >
> > > > > > > > > I'm not actually worried about my disk filling
up.
> > Dependencies
> > > > > must
> > > > > > be
> > > > > > > > > vetted for appropriate licenses, so now there's
more > overhead
> > > > here.
> > > > > > If
> > > > > > > we
> > > > > > > > > need to make a change to the module system now
we need to > > poor
> > > > > > through
> > > > > > > > docs
> > > > > > > > > and make PRs instead of just editing our very
small
> > code-base.
> > > > > > > > >
> > > > > > > > >
> > > > > > > > This mix of MIT and 3-Clause BSD looks compatible
to me. > It's
> > > > weaker
> > > > > > > than
> > > > > > > > Apache, but not incompatible. Do we really need to
send this > > to
> > > > > legal?
> > > > > > > >
> > https://github.com/substack/node-browserify/blob/master/LICENSE
> > > > > > > >
> > > > > > > > There are people who can argue your other points better,
but > > > saying
> > > > > > that
> > > > > > > > the license is the overhead when you can find it in
the repo? > > > I'm
> > > > > not
> > > > > > > sure
> > > > > > > > how we would have gotten this far if we had to check
with > legal
> > > for
> > > > > > every
> > > > > > > > single dependency.
> > > > > > > >
> > > > > > >
> > > > > > > I meant that it depends on a bunch of other modules. Run
> > > > > license-checker
> > > > > > on
> > > > > > > browserify and you get: http://pastebin.com/XDMCTRRb
> > > > > > >
> > > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Carlos Santana
> > > > <csantana23@gmail.com<mailto:csantana23@gmail.com>>
> > > >
> > >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message