As indicated in previous emails, my new $DAYJOB responsibilities are leaving little time to spend on Node.js maintenance work. I'm happy to hang around and serve as a comaintainer, but primary maintainership in Fedora should really be picked up by someone who can dedicate more time to it.
Volunteers?
As an aside, Patches (T.C. Hollingsworth) is still listed as the primary maintainer, but he's been non-responsive for over a year now; we should probably request that FESCo orphan it so we can invest group::nodejs-sig as the official owner.
On Tue, May 31, 2016 at 09:56:30AM -0400, Stephen Gallagher wrote:
As indicated in previous emails, my new $DAYJOB responsibilities are leaving little time to spend on Node.js maintenance work. I'm happy to hang around and serve as a comaintainer, but primary maintainership in Fedora should really be picked up by someone who can dedicate more time to it.
Volunteers?
As an aside, Patches (T.C. Hollingsworth) is still listed as the primary maintainer, but he's been non-responsive for over a year now; we should probably request that FESCo orphan it so we can invest group::nodejs-sig as the official owner.
Hello Stephen,
first of all, thank you very much for spending so much time on maintaining Node.js in Fedora.
There are probably people on this list in a better position or with more interest to keep it alive. My %{dayjob} changed a bit, and I might need to keep an eye on Node.js myself. That being said, I'd be more than happy to see anyone else step up here.
Jumping to the more sad topic, please continue to request to orphan or re-assign patches' packages to group::nodejs-sig.
Best, Matthias
Hi,
I was responsible for nodejs in rhscl but my day job has changed.
But I do have interest in having latest stable releases of nodejs working on fedora.
I can dedicate to this work 2-4 hours per week. Now when we are shipping bundled npm and some other deps.
it may be doable for me.
On 05/31/2016 03:56 PM, Stephen Gallagher wrote:
As indicated in previous emails, my new $DAYJOB responsibilities are leaving little time to spend on Node.js maintenance work. I'm happy to hang around and serve as a comaintainer, but primary maintainership in Fedora should really be picked up by someone who can dedicate more time to it.
Volunteers?
As an aside, Patches (T.C. Hollingsworth) is still listed as the primary maintainer, but he's been non-responsive for over a year now; we should probably request that FESCo orphan it so we can invest group::nodejs-sig as the official owner.
nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
On 06/01/2016 08:25 AM, Tomas Hrcka wrote:
Hi,
I was responsible for nodejs in rhscl but my day job has changed.
But I do have interest in having latest stable releases of nodejs working on fedora.
I can dedicate to this work 2-4 hours per week. Now when we are shipping bundled npm and some other deps.
it may be doable for me.
At this point, I *think* I've gotten the spec file in good enough shape that updating to newer versions of Node.js should be fairly straightforward. (I'll remind people however that we've decided that Fedora will always ship the latest LTS release of Node.js in the official repositories and maintain that same version for that Fedora release.)
The steps to update Node.js should be as follows (We should probably write this into a wiki page somewhere...)
1. Modify nodejs.spec and set the nodejs_{major|minor|patch} versions to the new release. Save it. 2. Run ./nodejs-tarball.sh 3. Run `fedpkg new-sources nodejs-vM-m-p-stripped.tar.gz` Note: do *not* commit the unstripped tarball; it contains a bundled version of OpenSSL containing encryption algorithms of uncertain legal status. Fedora cannot include them in the SRPM. 4. Run `fedpkg prep` and examine the versions of the bundled c-ares, http_parser, punycode and npm. Update the spec file with any version changes. (The spec file contains comments directing you to the path to where you can find the versions). 4.a. If `fedpkg prep` fails to apply the patches, you will probably need to modify them. The most troublesome one is the one to use the system certificate store. You may be able to coordinate with Joseph Wang joequant@gmail.com on this if you need help. 5. Run a test build (I usually unset %{with_debug} for this, so it takes half the time). 6. Push and build in the appropriate Fedora branches.
On 06/01/2016 03:59 PM, Stephen Gallagher wrote:
On 06/01/2016 08:25 AM, Tomas Hrcka wrote:
Hi,
I was responsible for nodejs in rhscl but my day job has changed.
But I do have interest in having latest stable releases of nodejs working on fedora.
I can dedicate to this work 2-4 hours per week. Now when we are shipping bundled npm and some other deps.
it may be doable for me.
At this point, I *think* I've gotten the spec file in good enough shape that updating to newer versions of Node.js should be fairly straightforward. (I'll remind people however that we've decided that Fedora will always ship the latest LTS release of Node.js in the official repositories and maintain that same version for that Fedora release.)
I was watching work you have done on nodejs, and as you mentioned spec file seems to be in good shape thanks for that. Do you really mean LTS release? Because current LTS is 4.2 but stable is 6.2. I am in contact with multiple consumers of nodejs and current stable release may be better choice for fedora. Another option is to have LTS in current fedora release and latest stable in rawhide. Stable releases are much more useful in context of fedora since its used mostly by devels and we have LTS in centos as scl.
I am volunteering in both cases.
The steps to update Node.js should be as follows (We should probably write this into a wiki page somewhere...)
- Modify nodejs.spec and set the nodejs_{major|minor|patch} versions to the new
release. Save it. 2. Run ./nodejs-tarball.sh 3. Run `fedpkg new-sources nodejs-vM-m-p-stripped.tar.gz` Note: do *not* commit the unstripped tarball; it contains a bundled version of OpenSSL containing encryption algorithms of uncertain legal status. Fedora cannot include them in the SRPM. 4. Run `fedpkg prep` and examine the versions of the bundled c-ares, http_parser, punycode and npm. Update the spec file with any version changes. (The spec file contains comments directing you to the path to where you can find the versions). 4.a. If `fedpkg prep` fails to apply the patches, you will probably need to modify them. The most troublesome one is the one to use the system certificate store. You may be able to coordinate with Joseph Wang joequant@gmail.com on this if you need help. 5. Run a test build (I usually unset %{with_debug} for this, so it takes half the time). 6. Push and build in the appropriate Fedora branches. _______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
On 02/06/16 07:52, Tomas Hrcka wrote:
and as you mentioned spec file seems to be in good shape thanks for that. Do you really mean LTS release? Because current LTS is 4.2 but stable is 6.2.
Yes, he meant LTS. See previous discussion on fedora-devel.
I am in contact with multiple consumers of nodejs and current stable release may be better choice for fedora. Another option is to have LTS in current fedora release and latest stable in rawhide. Stable releases are much more useful in context of fedora since its used mostly by devels and we have LTS in centos as scl.
Non-LTS releases only have a lifespan of IIRC about 9 months, and a Fedora Release has a lifespan of 13 months.
So if we don't stick to LTS then we either have to do a major version bump in a released version of Fedora or we have to backport security fixes ourselves.
That's why we reverted back to node 4 for F24 having initially tried to go to node 5.
Tom
Hello,
as a RHEL/CentOS SCL maintainer, I could spend some time maintaining Node.js in Fedora too. Between releases it might be around 10+hrs per week, otherwise I could spend around 4hrs on Fedora.
Here's the thread about LTS:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/...
We could always have COPR repo with latest release.
----- Original Message ----- From: "Tom Hughes" tom@compton.nu To: "Node.js on Fedora" nodejs@lists.fedoraproject.org Sent: Thursday, June 2, 2016 9:29:42 AM Subject: Re: Intent to orphan nodejs
On 02/06/16 07:52, Tomas Hrcka wrote:
and as you mentioned spec file seems to be in good shape thanks for that. Do you really mean LTS release? Because current LTS is 4.2 but stable is 6.2.
Yes, he meant LTS. See previous discussion on fedora-devel.
I am in contact with multiple consumers of nodejs and current stable release may be better choice for fedora. Another option is to have LTS in current fedora release and latest stable in rawhide. Stable releases are much more useful in context of fedora since its used mostly by devels and we have LTS in centos as scl.
Non-LTS releases only have a lifespan of IIRC about 9 months, and a Fedora Release has a lifespan of 13 months.
So if we don't stick to LTS then we either have to do a major version bump in a released version of Fedora or we have to backport security fixes ourselves.
That's why we reverted back to node 4 for F24 having initially tried to go to node 5.
Tom
On Jun 2, 2016, at 2:52 AM, Tomas Hrcka thrcka@redhat.com wrote:
On 06/01/2016 03:59 PM, Stephen Gallagher wrote:
On 06/01/2016 08:25 AM, Tomas Hrcka wrote: Hi,
I was responsible for nodejs in rhscl but my day job has changed.
But I do have interest in having latest stable releases of nodejs working on fedora.
I can dedicate to this work 2-4 hours per week. Now when we are shipping bundled npm and some other deps.
it may be doable for me.
At this point, I *think* I've gotten the spec file in good enough shape that updating to newer versions of Node.js should be fairly straightforward. (I'll remind people however that we've decided that Fedora will always ship the latest LTS release of Node.js in the official repositories and maintain that same version for that Fedora release.)
I was watching work you have done on nodejs, and as you mentioned spec file seems to be in good shape thanks for that. Do you really mean LTS release? Because current LTS is 4.2 but stable is 6.2. I am in contact with multiple consumers of nodejs and current stable release may be better choice for fedora. Another option is to have LTS in current fedora release and latest stable in rawhide. Stable releases are much more useful in context of fedora since its used mostly by devels and we have LTS in centos as scl.
I am volunteering in both cases.
I meant "the release that will be LTS". Looking at the release cycle, that sounds like basically each of the even-numbered releases. Having the odd-numbered ones in Rawhide is problematic, as we saw this time around, since they only have nine months of support.
The odd-numbered ones could go to a COPR, though.
The steps to update Node.js should be as follows (We should probably write this into a wiki page somewhere...)
- Modify nodejs.spec and set the nodejs_{major|minor|patch} versions to the new
release. Save it. 2. Run ./nodejs-tarball.sh 3. Run `fedpkg new-sources nodejs-vM-m-p-stripped.tar.gz` Note: do *not* commit the unstripped tarball; it contains a bundled version of OpenSSL containing encryption algorithms of uncertain legal status. Fedora cannot include them in the SRPM. 4. Run `fedpkg prep` and examine the versions of the bundled c-ares, http_parser, punycode and npm. Update the spec file with any version changes. (The spec file contains comments directing you to the path to where you can find the versions). 4.a. If `fedpkg prep` fails to apply the patches, you will probably need to modify them. The most troublesome one is the one to use the system certificate store. You may be able to coordinate with Joseph Wang joequant@gmail.com on this if you need help. 5. Run a test build (I usually unset %{with_debug} for this, so it takes half the time). 6. Push and build in the appropriate Fedora branches. _______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
On 06/02/2016 12:13 PM, Stephen Gallagher wrote:
On Jun 2, 2016, at 2:52 AM, Tomas Hrcka thrcka@redhat.com wrote:
On 06/01/2016 03:59 PM, Stephen Gallagher wrote:
On 06/01/2016 08:25 AM, Tomas Hrcka wrote: Hi,
I was responsible for nodejs in rhscl but my day job has changed.
But I do have interest in having latest stable releases of nodejs working on fedora.
I can dedicate to this work 2-4 hours per week. Now when we are shipping bundled npm and some other deps.
it may be doable for me.
At this point, I *think* I've gotten the spec file in good enough shape that updating to newer versions of Node.js should be fairly straightforward. (I'll remind people however that we've decided that Fedora will always ship the latest LTS release of Node.js in the official repositories and maintain that same version for that Fedora release.)
I was watching work you have done on nodejs, and as you mentioned spec file seems to be in good shape thanks for that. Do you really mean LTS release? Because current LTS is 4.2 but stable is 6.2. I am in contact with multiple consumers of nodejs and current stable release may be better choice for fedora. Another option is to have LTS in current fedora release and latest stable in rawhide. Stable releases are much more useful in context of fedora since its used mostly by devels and we have LTS in centos as scl.
I am volunteering in both cases.
I meant "the release that will be LTS". Looking at the release cycle, that sounds like basically each of the even-numbered releases. Having the odd-numbered ones in Rawhide is problematic, as we saw this time around, since they only have nine months of support.
The odd-numbered ones could go to a COPR, though.
Thanks for clarification. I am happy to help.
The steps to update Node.js should be as follows (We should probably write this into a wiki page somewhere...)
- Modify nodejs.spec and set the nodejs_{major|minor|patch} versions to the new
release. Save it. 2. Run ./nodejs-tarball.sh 3. Run `fedpkg new-sources nodejs-vM-m-p-stripped.tar.gz` Note: do *not* commit the unstripped tarball; it contains a bundled version of OpenSSL containing encryption algorithms of uncertain legal status. Fedora cannot include them in the SRPM. 4. Run `fedpkg prep` and examine the versions of the bundled c-ares, http_parser, punycode and npm. Update the spec file with any version changes. (The spec file contains comments directing you to the path to where you can find the versions). 4.a. If `fedpkg prep` fails to apply the patches, you will probably need to modify them. The most troublesome one is the one to use the system certificate store. You may be able to coordinate with Joseph Wang joequant@gmail.com on this if you need help. 5. Run a test build (I usually unset %{with_debug} for this, so it takes half the time). 6. Push and build in the appropriate Fedora branches. _______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
Hi Stephen,
As per your directions below -- for those that are truly new to the game:
Where do we checkout the current spec file? (and then push to) -- COPR and other stuff seem to generate a lot of git repositories along the way.
In step 6, when you push the updated spec file, does that build it for the various Fedora branches?
Sorry if these seem like Fedora packaging 101, just noticed nobody has responded to this E-mail chain yet.
On Wed, Jun 1, 2016 at 10:01 AM Stephen Gallagher sgallagh@redhat.com wrote:
On 06/01/2016 08:25 AM, Tomas Hrcka wrote:
Hi,
I was responsible for nodejs in rhscl but my day job has changed.
But I do have interest in having latest stable releases of nodejs
working on fedora.
I can dedicate to this work 2-4 hours per week. Now when we are shipping
bundled
npm and some other deps.
it may be doable for me.
At this point, I *think* I've gotten the spec file in good enough shape that updating to newer versions of Node.js should be fairly straightforward. (I'll remind people however that we've decided that Fedora will always ship the latest LTS release of Node.js in the official repositories and maintain that same version for that Fedora release.)
The steps to update Node.js should be as follows (We should probably write this into a wiki page somewhere...)
- Modify nodejs.spec and set the nodejs_{major|minor|patch} versions to
the new release. Save it. 2. Run ./nodejs-tarball.sh 3. Run `fedpkg new-sources nodejs-vM-m-p-stripped.tar.gz` Note: do *not* commit the unstripped tarball; it contains a bundled version of OpenSSL containing encryption algorithms of uncertain legal status. Fedora cannot include them in the SRPM. 4. Run `fedpkg prep` and examine the versions of the bundled c-ares, http_parser, punycode and npm. Update the spec file with any version changes. (The spec file contains comments directing you to the path to where you can find the versions). 4.a. If `fedpkg prep` fails to apply the patches, you will probably need to modify them. The most troublesome one is the one to use the system certificate store. You may be able to coordinate with Joseph Wang joequant@gmail.com on this if you need help. 5. Run a test build (I usually unset %{with_debug} for this, so it takes half the time). 6. Push and build in the appropriate Fedora branches. _______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
On Jun 12, 2016, at 9:23 AM, Robert Van Voorhees rcvanvo@gmail.com wrote:
Hi Stephen,
As per your directions below -- for those that are truly new to the game:
Where do we checkout the current spec file? (and then push to) -- COPR and other stuff seem to generate a lot of git repositories along the way.
In step 6, when you push the updated spec file, does that build it for the various Fedora branches?
Sorry if these seem like Fedora packaging 101, just noticed nobody has responded to this E-mail chain yet.
A wealth of information on this subject can be found here: https://fedoraproject.org/wiki/Join_the_package_collection_maintainers
If you want some personal mentoring, look for me (sgallagh) in #fedora-devel on Freenode IRC and I'll help you get up to speed.
On Wed, Jun 1, 2016 at 10:01 AM Stephen Gallagher sgallagh@redhat.com wrote: On 06/01/2016 08:25 AM, Tomas Hrcka wrote:
Hi,
I was responsible for nodejs in rhscl but my day job has changed.
But I do have interest in having latest stable releases of nodejs working on fedora.
I can dedicate to this work 2-4 hours per week. Now when we are shipping bundled npm and some other deps.
it may be doable for me.
At this point, I *think* I've gotten the spec file in good enough shape that updating to newer versions of Node.js should be fairly straightforward. (I'll remind people however that we've decided that Fedora will always ship the latest LTS release of Node.js in the official repositories and maintain that same version for that Fedora release.)
The steps to update Node.js should be as follows (We should probably write this into a wiki page somewhere...)
- Modify nodejs.spec and set the nodejs_{major|minor|patch} versions to the new
release. Save it. 2. Run ./nodejs-tarball.sh 3. Run `fedpkg new-sources nodejs-vM-m-p-stripped.tar.gz` Note: do *not* commit the unstripped tarball; it contains a bundled version of OpenSSL containing encryption algorithms of uncertain legal status. Fedora cannot include them in the SRPM. 4. Run `fedpkg prep` and examine the versions of the bundled c-ares, http_parser, punycode and npm. Update the spec file with any version changes. (The spec file contains comments directing you to the path to where you can find the versions). 4.a. If `fedpkg prep` fails to apply the patches, you will probably need to modify them. The most troublesome one is the one to use the system certificate store. You may be able to coordinate with Joseph Wang joequant@gmail.com on this if you need help. 5. Run a test build (I usually unset %{with_debug} for this, so it takes half the time). 6. Push and build in the appropriate Fedora branches. _______________________________________________ nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
On 05/31/2016 09:56 AM, Stephen Gallagher wrote:
As indicated in previous emails, my new $DAYJOB responsibilities are leaving little time to spend on Node.js maintenance work. I'm happy to hang around and serve as a comaintainer, but primary maintainership in Fedora should really be picked up by someone who can dedicate more time to it.
Volunteers?
As an aside, Patches (T.C. Hollingsworth) is still listed as the primary maintainer, but he's been non-responsive for over a year now; we should probably request that FESCo orphan it so we can invest group::nodejs-sig as the official owner.
Node.js 6.2.1 is out today. Who wants to volunteer to pull it in? I'll be around on #fedora-devel to assist if there is any trouble.
On 06/03/2016 09:39 AM, Stephen Gallagher wrote:
On 05/31/2016 09:56 AM, Stephen Gallagher wrote:
As indicated in previous emails, my new $DAYJOB responsibilities are leaving little time to spend on Node.js maintenance work. I'm happy to hang around and serve as a comaintainer, but primary maintainership in Fedora should really be picked up by someone who can dedicate more time to it.
Volunteers?
As an aside, Patches (T.C. Hollingsworth) is still listed as the primary maintainer, but he's been non-responsive for over a year now; we should probably request that FESCo orphan it so we can invest group::nodejs-sig as the official owner.
Node.js 6.2.1 is out today. Who wants to volunteer to pull it in? I'll be around on #fedora-devel to assist if there is any trouble.
Folks, it's been four days and no one has stepped up to package Node.js 6.2.1. This is a problem since it *is* a security patch...
Also, we need to start talking about plans for moving EPEL away from 0.10.x. That release is only going to be supported for a few more months upstream[1] until 2016-10-01. We should probably look at putting 6.2.1 in the epel-testing repo of those branches for a few months and announcing the move widely.
On 06/07/2016 08:23 AM, Stephen Gallagher wrote:
On 06/03/2016 09:39 AM, Stephen Gallagher wrote:
On 05/31/2016 09:56 AM, Stephen Gallagher wrote:
As indicated in previous emails, my new $DAYJOB responsibilities are leaving little time to spend on Node.js maintenance work. I'm happy to hang around and serve as a comaintainer, but primary maintainership in Fedora should really be picked up by someone who can dedicate more time to it.
Volunteers?
As an aside, Patches (T.C. Hollingsworth) is still listed as the primary maintainer, but he's been non-responsive for over a year now; we should probably request that FESCo orphan it so we can invest group::nodejs-sig as the official owner.
Node.js 6.2.1 is out today. Who wants to volunteer to pull it in? I'll be around on #fedora-devel to assist if there is any trouble.
Folks, it's been four days and no one has stepped up to package Node.js 6.2.1. This is a problem since it *is* a security patch...
Sorry, forgot to include the link to the security BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1343395
Also, we need to start talking about plans for moving EPEL away from 0.10.x. That release is only going to be supported for a few more months upstream[1] until 2016-10-01. We should probably look at putting 6.2.1 in the epel-testing repo of those branches for a few months and announcing the move widely.
[1] https://github.com/nodejs/LTS#lts_schedule
nodejs mailing list nodejs@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/nodejs@lists.fedoraproject.org
On 06/03/2016 09:39 AM, Stephen Gallagher wrote:
On 05/31/2016 09:56 AM, Stephen Gallagher wrote:
As indicated in previous emails, my new $DAYJOB responsibilities are leaving little time to spend on Node.js maintenance work. I'm happy to hang around and serve as a comaintainer, but primary maintainership in Fedora should really be picked up by someone who can dedicate more time to it.
Volunteers?
As an aside, Patches (T.C. Hollingsworth) is still listed as the primary maintainer, but he's been non-responsive for over a year now; we should probably request that FESCo orphan it so we can invest group::nodejs-sig as the official owner.
Node.js 6.2.1 is out today. Who wants to volunteer to pull it in? I'll be around on #fedora-devel to assist if there is any trouble.
Just a heads-up to whoever ends up making the next update, there is a security release incoming on Thursday, June 16th. More information can be found here[1]. (Also, all nodejs package maintainers should subscribe[2] to the nodejs-sec announcement list to be forewarned about such things).
[1] https://groups.google.com/forum/#!topic/nodejs-sec/pnACRfB7LBI [2] https://groups.google.com/forum/#!forum/nodejs-sec
On Mon, Jun 13, 2016 at 10:24 AM, Stephen Gallagher sgallagh@redhat.com wrote:
ust a heads-up to whoever ends up making the next update, there is a security release incoming on Thursday, June 16th.
FWIW, it looks like the security announcement has been pushed back to Thursday, the 23rd of June, 2016.
-Jared
nodejs@lists.fedoraproject.org
-
Jared K. Smith -
Matthias Runge -
Robert Van Voorhees -
Stephen Gallagher -
Tom Hughes -
Tomas Hrcka -
Zuzana Svetlikova