From nobody Sun Nov 21 21:18:45 2021 X-Original-To: dev-commits-ports-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 63ACE188BD8F for ; Sun, 21 Nov 2021 21:19:26 +0000 (UTC) (envelope-from sunpoet@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Hy3F927rgz3qgL for ; Sun, 21 Nov 2021 21:19:24 +0000 (UTC) (envelope-from sunpoet@freebsd.org) Received: from mail-qv1-f46.google.com (mail-qv1-f46.google.com [209.85.219.46]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) (Authenticated sender: sunpoet) by smtp.freebsd.org (Postfix) with ESMTPSA id EC33F2F487 for ; Sun, 21 Nov 2021 21:19:22 +0000 (UTC) (envelope-from sunpoet@freebsd.org) Received: by mail-qv1-f46.google.com with SMTP id a24so11121258qvb.5 for ; Sun, 21 Nov 2021 13:19:22 -0800 (PST) X-Gm-Message-State: AOAM530GsKy3WuWpbst288/wqKfB9jxYejJUNampPs5uDmy9gaam0slD B10dkYcigsLDa9KrPeKjq3Puf9IHO/abPoqkUeOyRw== X-Google-Smtp-Source: ABdhPJx8inFxIHN6xoiLP9vzLFa6gNkHEHEo1eitgs0wxEVs6by077I4QDxsV8Fb+DdqjKvBtZXybZVqe0wpcXaOwRY= X-Received: by 2002:ad4:4f0a:: with SMTP id fb10mr96188725qvb.40.1637529562435; Sun, 21 Nov 2021 13:19:22 -0800 (PST) List-Id: Commit messages for all branches of the ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-all@freebsd.org X-BeenThere: dev-commits-ports-all@freebsd.org MIME-Version: 1.0 References: <202111120555.1AC5tGbw088641@gitrepo.freebsd.org> In-Reply-To: From: Po-Chuan Hsieh Date: Mon, 22 Nov 2021 05:18:45 +0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: git: 46ce086c7130 - main - Mk/Uses: default version for nodejs To: Matthias Fechner Cc: bradleythughes@fastmail.fm, ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Content-Type: multipart/alternative; boundary="000000000000e0ed2c05d1530f1d" X-ThisMailContainsUnwantedMimeParts: N --000000000000e0ed2c05d1530f1d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Nov 15, 2021 at 4:16 PM Matthias Fechner wrote: > Am 14.11.2021 um 18:00 schrieb Po-Chuan Hsieh: > > Please revert the nodejs change. > > It is not approved. > > It should be committed after being accepted by all parties. > > As I mentioned in the review, I disagreed with the change of the > > default from www/node to www/node16. > > could you please let me know what is broken, then I will look into it? > > The modification has not only unbroken gitlab but also fixed many other > software packages (that are not part of ports) but do not work with node1= 7. > > If you install gitlab or any other port that depends on nodejs it will > enforce an installation of nodejs 17 and the user does not have any > possibility to have a work-around. > Now we are on a stable and by best practice recommended version of > nodejs and if this version is not new enough for you, just change the > default version in make.conf or use a specific version of npm > (npm-node17) to pull in the current version of nodejs. > Normally development version (like nodejs version 17) are marked with a > `-dev` in the package name. > > Maybe it is a good idea to change www/node to www/node-dev, to make it > clear for the normal user, that this port is not recommended for usage > on production environment. Maybe Bradley can also comment on this, as he > maintain the nodejs ports. > > > > > > Please do not change the world solely to fit gitlab's needs. > > so it is ok, that users are enforced to use software that has security > vulnerabilities (there was one vulnerability rated 8.7)? > Don't get me wrong. Adding USES=3Dnodejs is one thing. Changing the default nodejs is another thing. We need more work before changing the default. For example, it is really weird to have 4 npm ports, www/npm and www/npm-node{14,16,17}, now. My point is, you did this just because gitlab does not support node 17. Even so, you should always find a less aggressive way to fix things. Your first trial did break rubygem-rails60. Your second trial which is unnecessary just affects lots of ports. And it is not accepted/approved. Here's the patch [1] which does not have www/node in gitlab's dependencies. I'll commit it later. [1] https://people.FreeBSD.org/~sunpoet/patch/node.txt > > Gru=C3=9F > Matthias > > -- > > "Programming today is a race between software engineers striving to > build bigger and better idiot-proof programs, and the universe trying to > produce bigger and better idiots. So far, the universe is winning." -- > Rich Cook > > --000000000000e0ed2c05d1530f1d--