From nobody Mon Nov 15 08:16:26 2021 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 8F55C184F762; Mon, 15 Nov 2021 08:16:35 +0000 (UTC) (envelope-from SRS0=eSeV=QC=FreeBSD.org=mfechner@anny.lostinspace.de) Received: from anny.lostinspace.de (anny.lostinspace.de [195.30.95.33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Ht28g2pl5z4pbK; Mon, 15 Nov 2021 08:16:35 +0000 (UTC) (envelope-from SRS0=eSeV=QC=FreeBSD.org=mfechner@anny.lostinspace.de) Received: from server.idefix.lan (131-136-067-156.ip-addr.inexio.net [156.67.136.131]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: idefix@fechner.net) by anny.lostinspace.de (Postfix) with ESMTPSA id DB8B18F3E2; Mon, 15 Nov 2021 09:16:26 +0100 (CET) Received: from [IPV6:2a02:6d40:36c4:7d01:39cf:cd91:b600:4568] (unknown [IPv6:2a02:6d40:36c4:7d01:39cf:cd91:b600:4568]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by server.idefix.lan (Postfix) with ESMTPSA id 725D275584C; Mon, 15 Nov 2021 09:16:26 +0100 (CET) Message-ID: Date: Mon, 15 Nov 2021 09:16:26 +0100 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.3.0 Subject: Re: git: 46ce086c7130 - main - Mk/Uses: default version for nodejs Content-Language: en-US To: Po-Chuan Hsieh , bradleythughes@fastmail.fm Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org References: <202111120555.1AC5tGbw088641@gitrepo.freebsd.org> From: Matthias Fechner In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Server: anny.lostinspace.de X-Rspamd-Queue-Id: 4Ht28g2pl5z4pbK X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-Spam: Yes X-ThisMailContainsUnwantedMimeParts: N Am 14.11.2021 um 18:00 schrieb Po-Chuan Hsieh: > Please revert the nodejs change. > It is not approved. > It should be committed after being accepted by all parties. > As I mentioned in the review, I disagreed with the change of the > default from www/node to www/node16. could you please let me know what is broken, then I will look into it? The modification has not only unbroken gitlab but also fixed many other software packages (that are not part of ports) but do not work with node17. If you install gitlab or any other port that depends on nodejs it will enforce an installation of nodejs 17 and the user does not have any possibility to have a work-around. Now we are on a stable and by best practice recommended version of nodejs and if this version is not new enough for you, just change the default version in make.conf or use a specific version of npm (npm-node17) to pull in the current version of nodejs. Normally development version (like nodejs version 17) are marked with a `-dev` in the package name. Maybe it is a good idea to change www/node to www/node-dev, to make it clear for the normal user, that this port is not recommended for usage on production environment. Maybe Bradley can also comment on this, as he maintain the nodejs ports. > > Please do not change the world solely to fit gitlab's needs. so it is ok, that users are enforced to use software that has security vulnerabilities (there was one vulnerability rated 8.7)? Gruß Matthias -- "Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -- Rich Cook