#cockpit log

13:04:27 <mvollmer> #startmeeting meeting
13:04:28 <zodbot> Meeting started Mon Sep 18 13:04:27 2017 UTC.  The chair is mvollmer. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:04:28 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
13:04:28 <zodbot> The meeting name has been set to 'meeting'
13:04:35 <andreasn1> .hello andreasn
13:04:35 <mvollmer> .hello mvo
13:04:35 <zodbot> andreasn1: andreasn 'Andreas Nilsson' <anilsson@redhat.com>
13:04:38 <zodbot> mvollmer: mvo 'Marius Vollmer' <marius.vollmer@gmail.com>
13:04:41 <larsu> .hello larsu
13:04:42 <zodbot> larsu: larsu 'Lars Karlitski' <lars@karlitski.net>
13:05:03 <pitti> .hello martinpitt
13:05:04 <zodbot> pitti: martinpitt 'Martin Pitt' <martin@piware.de>
13:05:09 <garrett> .hello garrett
13:05:10 <zodbot> garrett: garrett 'Garrett LeSage' <garrett@lesage.us>
13:05:21 <stefw> .hello stefw
13:05:23 <zodbot> stefw: stefw 'Stef Walter' <stefw@redhat.com>
13:05:41 <mvollmer> #topic Agenda
13:06:13 <stefw> * Node style micro-dependencies
13:07:07 <mvollmer> * Honolulu
13:09:46 <pitti> (nothing from me, FTR)
13:09:47 <mvollmer> #topic Node style micro-dependencies
13:10:25 <stefw> The oVirt machines code started using various dependencies in the nodejs style, where tiny little dependencies were brought into javascript
13:10:35 <stefw> to perform basic tasks
13:10:52 <larsu> leftpad!
13:10:54 <stefw> so far all our dependencies in the browser have been already compiled larger dependencies such as d3 or react
13:11:25 <stefw> so i wanted to check with everyone if we're okay with teh node style dependencies and greatly ballooning our number of included nodejs modules
13:12:10 <larsu> it already takes a while to fetch the dependecies
13:12:17 <pitti> I'm not sure I understand - is this something qualitatively new, or just "more" npm modules?
13:12:32 <larsu> but I guess this is how people develop javascript...
13:12:40 <stefw> so far the npm modules we've included have already been compiled for a browser
13:12:57 <stefw> and just included in npm for expediency and package management
13:13:10 <stefw> so this is qualitatively new
13:13:23 <pitti> oh, like "npm install" alreayd fetches pre-compiled/minified stuff
13:13:29 <stefw> pitti, yes
13:13:31 <pitti> and these need to be built first
13:13:33 <stefw> so it's been a semantic difference
13:13:41 <stefw> webpack handles the building just fine
13:13:44 * stefw looks for some data
13:14:32 <stefw> the commits are now removed that did this to the oVirt Machines pull request
13:15:39 <stefw> instead of about 15 dependencies
13:15:47 <stefw> this likely will increase the number into hundreds
13:16:04 <pitti> urgh
13:16:08 <mvollmer> can we trust them?  to have a good license etc?
13:16:13 <stefw> well lets clarify that ... each of teh 20 dependencies that we currently pull in
13:16:15 <mvollmer> that would be my objection
13:16:34 <stefw> are in many cases already built out of many others ... even hundreds
13:16:37 <mvollmer> I can trust react etc, but just hundreds of random things, each with a different author, dunno
13:16:43 <stefw> but someone else has taken that step of bringing them together
13:16:50 <pitti> it's also a general drag on building, CI, and the bots constantly updating deps
13:17:16 <stefw> npm likes to nest dependencies ... so it's not that the CI would slow down exponentially or the updating either
13:17:45 <stefw> although it's true that we would be vetting smaller portions of code so there is more micromanagement involved
13:19:36 <petervo> do we know what the higher level dependency is?
13:19:57 <petervo> the one that requires these other packages
13:20:05 <stefw> the ovirt code itself
13:20:20 <stefw> as in these other dependencies are used directly from the pkg/ovirt/ code
13:21:24 <stefw> actually the pull request seems to have changed ... so this may change this into a theoretical discussion
13:22:03 <petervo> well he pulled out those deps
13:22:13 <stefw> where did they go ... did he remove the need for them?
13:22:15 <petervo> but the build fails on semephore
13:22:36 <petervo> because on older versions of node
13:22:41 <mvollmer> so I guess my question is: is npm more like Debian/Fedora, or my like MegaUpload?
13:22:42 <petervo> they aren't pulled in
13:22:59 <petervo> MegaUpload
13:23:08 <mvollmer> right
13:23:29 <mvollmer> but we trust that we get a good react version from it, right?
13:24:00 <stefw> we currently trust that the react-lite version will only change when the react-lite developers touch it
13:24:04 <petervo> these are the deps that get installed with nodejs > 6
13:24:08 <petervo> https://github.com/cockpit-project/cockpit/commit/4e96dc614117d9dbb258366b23bb2487a08efd32
13:24:21 <petervo> but not with older versions
13:24:34 <stefw> how do they get installed with nodejs > 6?
13:24:39 <stefw> what is the mechanism for declaring them?
13:24:48 <petervo> npm behaves differently
13:24:52 <petervo> and pulls them in
13:25:05 <stefw> so something else depends on them?
13:25:08 <petervo> because it resolves sub dependencies
13:25:20 <petervo> yes
13:25:34 <stefw> why wasn't this a problem before?
13:26:05 <petervo> we weren't using anything that had a bunch of sub deps like this
13:26:08 <stefw> ah react-router-dom
13:26:15 <stefw> and react-router
13:26:16 <petervo> yep
13:26:25 <stefw> and we never actually used React
13:26:28 <stefw> we used react-lite
13:27:38 <petervo> yeah that looks right
13:27:48 <stefw> well i guess we can think about this more ... not sure we'll reach a conclusion here ... but it does affect open pull requests
13:30:34 <mvollmer> I think we have to find a way to work with these micro-dependencies
13:31:19 <mvollmer> next topic?
13:31:37 <stefw> sure although we have to come up with mechanisms to distribute licenses
13:32:02 <stefw> and handle sub-dependencies effectively
13:32:29 <stefw> because we are distributing A+B+C+D+E
13:32:44 <mvollmer> "cockpit the distribution"
13:32:45 <stefw> instead of just distribing M ... where someone else did M = A+B+C+D+E
13:35:04 <mvollmer> alright, next?
13:35:24 <stefw> next
13:35:28 <mvollmer> #topic Honolulu
13:35:39 <mvollmer> just to synch
13:35:51 <mvollmer> so there is this: https://arstechnica.com/gadgets/2017/09/microsoft-building-a-new-graphical-interface-for-managing-windows-servers/
13:35:57 <mvollmer> i think it's pretty cool
13:36:59 <stefw> they're copying cockpit
13:37:00 <mvollmer> what do y'all think? :-)
13:37:09 <andreasn1> any more info on that apart from the Ars article?
13:37:19 <pitti> I saw it last week (pointed out by sgallagh), looked familiar :0
13:37:21 <petervo> i'd like to see the source :D
13:38:07 <larsu> petervo: Ctrl+U!
13:38:38 <garrett> search probably makes sense
13:39:04 <garrett> especially as the feature list keeps growing
13:39:19 <garrett> (it's in the screenshot)
13:40:06 <mvollmer> can we spin this into some good pr for us?
13:42:07 <stefw> i think so ... does jberkus have ideas there?
13:42:11 <stefw> anyone up for pinging him?
13:42:26 <petervo> i can do that
13:46:06 <mvollmer> great!
13:46:20 <mvollmer> #topic Open floor
13:47:27 <garrett> FWIW: the Cockpit website has the Guide indexed for search now
13:47:41 <garrett> meaning if you're looking for something specific in the documentation, you can look there to find it
13:47:42 <mvollmer> nice!
13:47:53 <garrett> I fixed a few bugs this morning to make it even better
13:48:18 <garrett> (stefw implemented the header fix the end of last week to get the documents indexed)
13:49:28 <garrett> if you want to search the guide or blog specifically, just put "guide" or "blog" in the terms and it'll prioritize those
13:49:54 <garrett> but everything is mixed in and optimized to show you the most likely matches
13:54:23 <mvollmer> alright!
13:54:28 <mvollmer> thanks everyone!
13:54:33 <mvollmer> #endmeeting