On Wed, Dec 9, 2020 at 11:52 AM James Cassell
On Wed, Dec 9, 2020, at 1:44 PM, Ben Cotton wrote:
> == Summary ==
> For Nodejs, Fedora should only package:
> * The interpreter, development headers/libraries, and the assorted
> tools to manage project-level installations (NPM, yarn, etc.).
> * Packages that provide binaries that users would want to use in their shell.
> * compiled/binary nodejs modules (for now)
Better title would have been, "bundle all nodejs dependencies into binary packages
Yes ... that does sound better. Naming is hard.
It feels contrary to the Minimization Objective. Is there really no
better solution? Can modularity help here? Better packaging macros?
To me this sounds exactly in line with the Minimization Objective.
It can get rid of potentially 700 Fedora packages. Minimizing the
number of packages needed to be installed as well as being built with.
Is there really no better solution?
Not that we've found. This isn't an off the cuff proposal, it was
months of discussion on mailling lists and off.
To be honest, this is really years in the making. macros and scripts
were tried for years, making them better and better in hopes that it
would ease the problem. When things finally started falling apart, we
really could say we'd tried all we could, but nothing was sustainable.
Can modularity help here? Better packaging macros?
No, and No
How will licensing of dependencies be verified?
Unlike most other languages, nodejs libraries contain a License field
in their package.json.
A simple 'find' script can get the licenses of your bundled packages.
Run that each time you update your package, putting the output in your
License: line of your spec.
What happens when a project adds new dependencies?
You should re-run it every time you do any update, pulling in the
correct and often updated nodejs libraries for your package.