Re: git: 46ce086c7130 - main - Mk/Uses: default version for nodejs

Am 14.11.2021 um 18:00 schrieb Po-Chuan Hsieh:
> Please revert the nodejs change.
> It is not approved.
> It should be committed after being accepted by all parties.
> As I mentioned in the review, I disagreed with the change of the 
> default from www/node to www/node16.

could you please let me know what is broken, then I will look into it?

The modification has not only unbroken gitlab but also fixed many other 
software packages (that are not part of ports) but do not work with node17.

If you install gitlab or any other port that depends on nodejs it will 
enforce an installation of nodejs 17 and the user does not have any 
possibility to have a work-around.

Now we are on a stable and by best practice recommended version of 
nodejs and if this version is not new enough for you, just change the 
default version in make.conf or use a specific version of npm 
(npm-node17) to pull in the current version of nodejs.
Normally development version (like nodejs version 17) are marked with a 
`-dev` in the package name.

Maybe it is a good idea to change www/node to www/node-dev, to make it 
clear for the normal user, that this port is not recommended for usage 
on production environment. Maybe Bradley can also comment on this, as he 
maintain the nodejs ports.


>
> Please do not change the world solely to fit gitlab's needs.

so it is ok, that users are enforced to use software that has security 
vulnerabilities (there was one vulnerability rated 8.7)?

Gruß
Matthias

-- 

"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook