Re: git: 46ce086c7130 - main - Mk/Uses: default version for nodejs

Reply: Matthias Fechner : "Re: git: 46ce086c7130 - main - Mk/Uses: default version for nodejs"
Reply: Matthias Fechner : "Re: git: 46ce086c7130 - main - Mk/Uses: default version for nodejs"
Reply: Mathieu Arnold : "Re: git: 46ce086c7130 - main - Mk/Uses: default version for nodejs"
In reply to: Matthias Fechner : "Re: git: 46ce086c7130 - main - Mk/Uses: default version for nodejs"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Po-Chuan Hsieh <sunpoet_at_freebsd.org>
Date: Sun, 21 Nov 2021 21:18:45 UTC

On Mon, Nov 15, 2021 at 4:16 PM Matthias Fechner <mfechner@freebsd.org>
wrote:

> Am 14.11.2021 um 18:00 schrieb Po-Chuan Hsieh:
> > Please revert the nodejs change.
> > It is not approved.
> > It should be committed after being accepted by all parties.
> > As I mentioned in the review, I disagreed with the change of the
> > default from www/node to www/node16.
>
> could you please let me know what is broken, then I will look into it?
>
> The modification has not only unbroken gitlab but also fixed many other
> software packages (that are not part of ports) but do not work with node17.
>
> If you install gitlab or any other port that depends on nodejs it will
> enforce an installation of nodejs 17 and the user does not have any
> possibility to have a work-around.


> Now we are on a stable and by best practice recommended version of
> nodejs and if this version is not new enough for you, just change the
> default version in make.conf or use a specific version of npm
> (npm-node17) to pull in the current version of nodejs.
> Normally development version (like nodejs version 17) are marked with a
> `-dev` in the package name.
>
> Maybe it is a good idea to change www/node to www/node-dev, to make it
> clear for the normal user, that this port is not recommended for usage
> on production environment. Maybe Bradley can also comment on this, as he
> maintain the nodejs ports.
>
>
> >
> > Please do not change the world solely to fit gitlab's needs.
>
> so it is ok, that users are enforced to use software that has security
> vulnerabilities (there was one vulnerability rated 8.7)?
>

Don't get me wrong.
Adding USES=nodejs is one thing. Changing the default nodejs is another
thing.
We need more work before changing the default.
For example, it is really weird to have 4 npm ports, www/npm and
www/npm-node{14,16,17}, now.

My point is, you did this just because gitlab does not support node 17.
Even so, you should always find a less aggressive way to fix things.
Your first trial did break rubygem-rails60.
Your second trial which is unnecessary just affects lots of ports.
And it is not accepted/approved.

Here's the patch [1] which does not have www/node in gitlab's dependencies.
I'll commit it later.

[1] https://people.FreeBSD.org/~sunpoet/patch/node.txt


>
> Gruß
> Matthias
>
> --
>
> "Programming today is a race between software engineers striving to
> build bigger and better idiot-proof programs, and the universe trying to
> produce bigger and better idiots. So far, the universe is winning." --
> Rich Cook
>
>