Hi, all,
As you may noticed, npm has been splitted from nodejs main package
since openSUSE 13.2.
If I remembered correctly, the reason of the split given was: to get
the latest updated npm.
But now it has been proved that the split is a total failure.
It not only increased the possibility of a broken npm in
openSUSE:Factory but also increased the difficulty to maintain npm.
And it can not even guarantee a latest updated npm at all.
Let me explain the situation now:
0. If npm is built from the nodejs package, we only need to maintain
one package. If npm is splitted as it is now, we have to maintain
about 40 packages and their dependencies, it is about 100+ packages as
I counted.
1. nodejs-packaging is not a tool good for aggegation. eg: if you just
build one package, you can check its dependencies found by
nodejs-packaging through the OBS website; but if you're going to build
100 of such packages, it's very very time-consuming for you to do that
one by one.
And there's no way to have all the dependencies and sub-dependencies
at one time, the only similar tool existed is "npm shrinkwrap", but it
requires the latest npm installed first, or it can only give the
all-in-one dependecy map of the old installed npm.
2. And even this tool has conflicts with nodejs-packaging. "npm
install npm" will always installs a npm. But actually nodejs's
dependency checking is not as strict as nodejs-packaging. so even if
you update the packages based on "npm shrinkwrap" (I don't want to
mention the funny stuff like you want to update npm you have to have
an updated npm installed first), nodejs-packaging will still triggers
a lot of conflicts. Many of them are actually not resolveable at all,
eg: package A needs 0.8 version of package C, but package B needs 1.2
version of package C, package A and B are both dependencies for npm.
what should be done now? As a maintainer you have to read the git
commit logs of package C to see what happened between 0.8 and 1.2, to
see if it is safe to bump/downgrade version for A or B. If you're
lucky enough, it can be done no matter how painful it is. But if
you're not so lucky, you have to provide both 0.8 and 1.2 version,
that comes update-alternatives (which is questionable because in this
case 0.8 and 1.2 will be installed both, what if a file from 0.8 is
used with other files from 1.2? is it safe? no one knows).
3. nodejs-packaging's check result is not shown to you unless you
submit all packages to openSUSE:Factory. This means npm will be always
broken in devel:languages:nodejs because no one knows which package is
a dependency for npm and remember not to touch it! So if you accept a
single request to update a package, it is very likely that the whole
npm chain breaks.
Even if the results are shown to you now, you can't be sure factory
maintainers accepts your requests at the same time. That means npm in
Factory is very likely to break.
And as we introduced staging projects, a single request accepts much
faster than 100+ requests.
4. Actually the person who proposed the split never maintain npm after
2 or 3 submits. And 100+ packages really need lots of manpower. If I
want to update npm today, I can finish the work a month later if I do
nothing but to update nodejs-* packages once I login to OBS. While npm
will see 2 or 3 releases during that time, that means we will be
always late.
So here's what I want to do:
1. everything stops now, all npm dependencies will be removed from
Factory (writing Obsoletes will be a lot of work, see you in a month),
and npm builds from nodejs main package from now on.
2. someone steps in to maintain the packages with a program. Because
it's not doable for a human being as I told above.
Marguerite
--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-packaging+owner(a)opensuse.org
