cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carlos Santana <csantan...@gmail.com>
Subject Re: [DISCUSS] Cordova-common 1.1.0 release
Date Thu, 18 Feb 2016 12:20:12 GMT
I agree shrinkwrap is better technical, it was just buggy in the past and now I think is more
stable. 

Also in the past there was a debate if the shrinkwrap goes in git, as it confuse some committers
when they updated a dependency in package.json then npm install nothing got updated, why?
because package.json got ignore and shrinkwrap was in place

The are multiple goals not just that dependencies don't change, but also Legal

We don't want to a hard dependency on package that has a license that prevents a downstream
(i.e. Worklight) to redistribute or build software with such dependency packages with not
healthy licenses. 

That's why one of the reasons we do bundling today in git of 3rd party npm packages for platform
repos, better chance and more eyes on the license of this packages on what's included when
we do a release. 

I don't mind changing how we build software we just need to be mindful 

- Carlos
@csantanapr

> On Feb 18, 2016, at 3:18 AM, Vladimir Kotikov (Akvelon) <v-vlkoti@microsoft.com>
wrote:
> 
> I don’t have a strict opinion about dynamic vs static dependencies, but IMO if
we want to pin the version of every subdependency, shrinkwrap is better than bundling. At
least it would be less prone to human errors (missing packages' files, line endings in subpackages
- we'd ran into all of this already).
> -
> Best regards, Vladimir 
> 
> -----Original Message-----
> From: Carlos Santana [mailto:csantana23@gmail.com] 
> Sent: Tuesday, February 16, 2016 7:23 PM
> To: dev@cordova.apache.org
> Subject: Re: [DISCUSS] Cordova-common 1.1.0 release
> 
> Sorry for the typo. I meant
> If I install a piece of software component version 1.2.3 today, and install version 1.2.3
a week after I'm expecting to reproduce the same environment.
> 
> Net is that a user complains to us about problem, we should be able to reproduce it if
we know the version number, and not just tell them try to npm install again and the problem
might go away, and some times the reason it goes away and starts working is because one of
the dependencies changed and the software is not longer the same as the one he as having problems.
> 
> On Tue, Feb 16, 2016 at 11:20 AM Carlos Santana <csantana23@gmail.com>
> wrote:
> 
>> I'm not big fan of dynamic dependencies, but I'm fan a predictable and 
>> reproducible environments
>> 
>> managing dependencies during development is much different than 
>> managing dependencies when go live into production.
>> 
>> Take into account that not just the cordova code that runs on the 
>> phone runtime I consider as production code, the cordova code that 
>> users get for tooling I also consider as production code as it's used in devops systems.
>> 
>> That's why is best practice to bundle all the code that the nodejs 
>> server is going to need when going into production, and recently have 
>> heard that folks are using docker images that build nodejs  core 
>> binary with static libraries to not rely on the dynamic libraries from the operating
system.
>> 
>> If I install a piece of software component version 1.2.3 today, and 
>> install version 2.3.0 a week after I'm expecting to reproduce the same 
>> environment.
>> With the way npm handles dependecies, and folks declare dependencies 
>> in pacakge.json we can cordova can only control one level down in 
>> dependency tree.
>> 
>> That's why npmshrinkwrap is used when producing release build or just 
>> bundle dependency with release build.
>> 
>> I think in npm3 npmshrinkwrap function was improved to be more 
>> deterministic
>> 
>> 
>> 
>> On Tue, Feb 16, 2016 at 7:50 AM Vladimir Kotikov (Akvelon) < 
>> v-vlkoti@microsoft.com> wrote:
>> 
>>> Yes, a new patch release, I think.
>>> Can't wait when we start to install platforms as packages - then we 
>>> won't need to bundle everything :)
>>> 
>>> -
>>> Best regards, Vladimir
>>> 
>>> -----Original Message-----
>>> From: Carlos Santana [mailto:csantana23@gmail.com]
>>> Sent: Tuesday, February 16, 2016 3:23 PM
>>> To: dev@cordova.apache.org
>>> Subject: Re: [DISCUSS] Cordova-common 1.1.0 release
>>> 
>>> Vladimir,
>>>  I forgot about that it's a bundled dependency. No blog is need it 
>>> then
>>> 
>>> But a new Windows platform release will be required to be able to 
>>> pick up the new cordova-commons release right?
>>> 
>>> - Carlos
>>> @csantanapr
>>> 
>>> On Feb 16, 2016, at 5:23 AM, Vladimir Kotikov (Akvelon) < 
>>> v-vlkoti@microsoft.com> wrote:
>>> 
>>>>> cordova-windows won't as it has the dependency listed as ^1.0.0 
>>>>> which
>>> includes minor releases.
>>>> IMO since cordova-common is a bundled dependency, we still need for 
>>>> new
>>> release to bundle new version.
>>>> 
>>>> A small question - do we need for blog post for this release? I'd 
>>>> say
>>> no, as we releasing something for internal use, but what is your thoughts?
>>>> 
>>>> -
>>>> Best regards, Vladimir
>>>> 
>>>> -----Original Message-----
>>>> From: Steven Gill [mailto:stevengill97@gmail.com]
>>>> Sent: Tuesday, February 16, 2016 7:49 AM
>>>> To: dev@cordova.apache.org
>>>> Subject: Re: [DISCUSS] Cordova-common 1.1.0 release
>>>> 
>>>> Yes. I'd like us to go ^1.0.0 and include minors. Just need to be
>>> careful when doing minor common releases to not break platforms.
>>>>> On Feb 15, 2016 8:11 PM, "Carlos Santana" <csantana23@gmail.com>
>>> wrote:
>>>>> 
>>>>> Should we be consistent about how we declare the dependency for 
>>>>> platforms against cordova-common ?
>>>>> 
>>>>> 
>>>>> 
>>>>> On Mon, Feb 15, 2016 at 11:04 PM Steven Gill 
>>>>> <stevengill97@gmail.com>
>>>>> wrote:
>>>>> 
>>>>>> Sounds good.
>>>>>> 
>>>>>> Cordova-lib, Cordova-android and cordova-ios will need to have 
>>>>>> releases with this updated cordova-common.
>>>>>> 
>>>>>> cordova-windows won't as it has the dependency listed as ^1.0.0 
>>>>>> which includes minor releases.
>>>>>> 
>>>>>> On Mon, Feb 15, 2016 at 6:29 AM, Vladimir Kotikov (Akvelon) <

>>>>>> v-vlkoti@microsoft.com> wrote:
>>>>>> 
>>>>>>> Hi, guys.
>>>>>>> I'm planning to do a minor release for cordova-common.
>>>>>>> 
>>>>>>> Here is the list of JIRAs to be resolved in this release (aka
>>>>>>> RELEASENOTES):
>>>>>>> 
>>>>>>> * CB-10052 Improve superspawn to allow to handle spawned process

>>>>>>> io
>>>>>> streams
>>>>>>> * CB-10176 Cordova-common should contain a default logger
>>>>> implementation
>>>>>>> * CB-10430 cordova-common events don't reach platform's code
>>>>>>> * CB-10497 android build with ant fails
>>>>>>> 
>>>>>>> The version to be released is cordova-common@1.1.0
>>>>>>> 
>>>>>>> Does anyone have any reason to delay a tools release?
>>>>>>> Any outstanding patches to land?
>>>>>>> 
>>>>>>> If not, I will start the release on Wed, 16th.
>>>>>>> 
>>>>>>> -
>>>>>>> Best regards, Vladimir
>>>>>>> 
>>>>>>> ----------------------------------------------------------------
>>>>>>> --
>>>>>>> --- To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>>>>>>> For additional commands, e-mail: dev-help@cordova.apache.org
>>>> 
>>>> -------------------------------------------------------------------
>>>> -- To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>>>> For additional commands, e-mail: dev-help@cordova.apache.org
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>>> For additional commands, e-mail: dev-help@cordova.apache.org
>>> 
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
>>> For additional commands, e-mail: dev-help@cordova.apache.org
> ТÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÒÐÐ¥FòVç7V'67&–&RÂRÖÖ–âFWb×Vç7V'67&–&T6÷&F÷fæ6†Ræ÷&pФf÷"FF—F–öæÂ6öÖÖæG2ÂRÖÖ–âFWbÖ†VÇ6÷&F÷fæ6†Ræ÷&pÐ

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@cordova.apache.org
For additional commands, e-mail: dev-help@cordova.apache.org


Mime
View raw message