13:04:27 <mvollmer> #startmeeting meeting 13:04:28 <zodbot> Meeting started Mon Sep 18 13:04:27 2017 UTC. The chair is mvollmer. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:04:28 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic. 13:04:28 <zodbot> The meeting name has been set to 'meeting' 13:04:35 <andreasn1> .hello andreasn 13:04:35 <mvollmer> .hello mvo 13:04:35 <zodbot> andreasn1: andreasn 'Andreas Nilsson' <anilsson@redhat.com> 13:04:38 <zodbot> mvollmer: mvo 'Marius Vollmer' <marius.vollmer@gmail.com> 13:04:41 <larsu> .hello larsu 13:04:42 <zodbot> larsu: larsu 'Lars Karlitski' <lars@karlitski.net> 13:05:03 <pitti> .hello martinpitt 13:05:04 <zodbot> pitti: martinpitt 'Martin Pitt' <martin@piware.de> 13:05:09 <garrett> .hello garrett 13:05:10 <zodbot> garrett: garrett 'Garrett LeSage' <garrett@lesage.us> 13:05:21 <stefw> .hello stefw 13:05:23 <zodbot> stefw: stefw 'Stef Walter' <stefw@redhat.com> 13:05:41 <mvollmer> #topic Agenda 13:06:13 <stefw> * Node style micro-dependencies 13:07:07 <mvollmer> * Honolulu 13:09:46 <pitti> (nothing from me, FTR) 13:09:47 <mvollmer> #topic Node style micro-dependencies 13:10:25 <stefw> The oVirt machines code started using various dependencies in the nodejs style, where tiny little dependencies were brought into javascript 13:10:35 <stefw> to perform basic tasks 13:10:52 <larsu> leftpad! 13:10:54 <stefw> so far all our dependencies in the browser have been already compiled larger dependencies such as d3 or react 13:11:25 <stefw> so i wanted to check with everyone if we're okay with teh node style dependencies and greatly ballooning our number of included nodejs modules 13:12:10 <larsu> it already takes a while to fetch the dependecies 13:12:17 <pitti> I'm not sure I understand - is this something qualitatively new, or just "more" npm modules? 13:12:32 <larsu> but I guess this is how people develop javascript... 13:12:40 <stefw> so far the npm modules we've included have already been compiled for a browser 13:12:57 <stefw> and just included in npm for expediency and package management 13:13:10 <stefw> so this is qualitatively new 13:13:23 <pitti> oh, like "npm install" alreayd fetches pre-compiled/minified stuff 13:13:29 <stefw> pitti, yes 13:13:31 <pitti> and these need to be built first 13:13:33 <stefw> so it's been a semantic difference 13:13:41 <stefw> webpack handles the building just fine 13:13:44 * stefw looks for some data 13:14:32 <stefw> the commits are now removed that did this to the oVirt Machines pull request 13:15:39 <stefw> instead of about 15 dependencies 13:15:47 <stefw> this likely will increase the number into hundreds 13:16:04 <pitti> urgh 13:16:08 <mvollmer> can we trust them? to have a good license etc? 13:16:13 <stefw> well lets clarify that ... each of teh 20 dependencies that we currently pull in 13:16:15 <mvollmer> that would be my objection 13:16:34 <stefw> are in many cases already built out of many others ... even hundreds 13:16:37 <mvollmer> I can trust react etc, but just hundreds of random things, each with a different author, dunno 13:16:43 <stefw> but someone else has taken that step of bringing them together 13:16:50 <pitti> it's also a general drag on building, CI, and the bots constantly updating deps 13:17:16 <stefw> npm likes to nest dependencies ... so it's not that the CI would slow down exponentially or the updating either 13:17:45 <stefw> although it's true that we would be vetting smaller portions of code so there is more micromanagement involved 13:19:36 <petervo> do we know what the higher level dependency is? 13:19:57 <petervo> the one that requires these other packages 13:20:05 <stefw> the ovirt code itself 13:20:20 <stefw> as in these other dependencies are used directly from the pkg/ovirt/ code 13:21:24 <stefw> actually the pull request seems to have changed ... so this may change this into a theoretical discussion 13:22:03 <petervo> well he pulled out those deps 13:22:13 <stefw> where did they go ... did he remove the need for them? 13:22:15 <petervo> but the build fails on semephore 13:22:36 <petervo> because on older versions of node 13:22:41 <mvollmer> so I guess my question is: is npm more like Debian/Fedora, or my like MegaUpload? 13:22:42 <petervo> they aren't pulled in 13:22:59 <petervo> MegaUpload 13:23:08 <mvollmer> right 13:23:29 <mvollmer> but we trust that we get a good react version from it, right? 13:24:00 <stefw> we currently trust that the react-lite version will only change when the react-lite developers touch it 13:24:04 <petervo> these are the deps that get installed with nodejs > 6 13:24:08 <petervo> https://github.com/cockpit-project/cockpit/commit/4e96dc614117d9dbb258366b23bb2487a08efd32 13:24:21 <petervo> but not with older versions 13:24:34 <stefw> how do they get installed with nodejs > 6? 13:24:39 <stefw> what is the mechanism for declaring them? 13:24:48 <petervo> npm behaves differently 13:24:52 <petervo> and pulls them in 13:25:05 <stefw> so something else depends on them? 13:25:08 <petervo> because it resolves sub dependencies 13:25:20 <petervo> yes 13:25:34 <stefw> why wasn't this a problem before? 13:26:05 <petervo> we weren't using anything that had a bunch of sub deps like this 13:26:08 <stefw> ah react-router-dom 13:26:15 <stefw> and react-router 13:26:16 <petervo> yep 13:26:25 <stefw> and we never actually used React 13:26:28 <stefw> we used react-lite 13:27:38 <petervo> yeah that looks right 13:27:48 <stefw> well i guess we can think about this more ... not sure we'll reach a conclusion here ... but it does affect open pull requests 13:30:34 <mvollmer> I think we have to find a way to work with these micro-dependencies 13:31:19 <mvollmer> next topic? 13:31:37 <stefw> sure although we have to come up with mechanisms to distribute licenses 13:32:02 <stefw> and handle sub-dependencies effectively 13:32:29 <stefw> because we are distributing A+B+C+D+E 13:32:44 <mvollmer> "cockpit the distribution" 13:32:45 <stefw> instead of just distribing M ... where someone else did M = A+B+C+D+E 13:35:04 <mvollmer> alright, next? 13:35:24 <stefw> next 13:35:28 <mvollmer> #topic Honolulu 13:35:39 <mvollmer> just to synch 13:35:51 <mvollmer> so there is this: https://arstechnica.com/gadgets/2017/09/microsoft-building-a-new-graphical-interface-for-managing-windows-servers/ 13:35:57 <mvollmer> i think it's pretty cool 13:36:59 <stefw> they're copying cockpit 13:37:00 <mvollmer> what do y'all think? :-) 13:37:09 <andreasn1> any more info on that apart from the Ars article? 13:37:19 <pitti> I saw it last week (pointed out by sgallagh), looked familiar :0 13:37:21 <petervo> i'd like to see the source :D 13:38:07 <larsu> petervo: Ctrl+U! 13:38:38 <garrett> search probably makes sense 13:39:04 <garrett> especially as the feature list keeps growing 13:39:19 <garrett> (it's in the screenshot) 13:40:06 <mvollmer> can we spin this into some good pr for us? 13:42:07 <stefw> i think so ... does jberkus have ideas there? 13:42:11 <stefw> anyone up for pinging him? 13:42:26 <petervo> i can do that 13:46:06 <mvollmer> great! 13:46:20 <mvollmer> #topic Open floor 13:47:27 <garrett> FWIW: the Cockpit website has the Guide indexed for search now 13:47:41 <garrett> meaning if you're looking for something specific in the documentation, you can look there to find it 13:47:42 <mvollmer> nice! 13:47:53 <garrett> I fixed a few bugs this morning to make it even better 13:48:18 <garrett> (stefw implemented the header fix the end of last week to get the documents indexed) 13:49:28 <garrett> if you want to search the guide or blog specifically, just put "guide" or "blog" in the terms and it'll prioritize those 13:49:54 <garrett> but everything is mixed in and optimized to show you the most likely matches 13:54:23 <mvollmer> alright! 13:54:28 <mvollmer> thanks everyone! 13:54:33 <mvollmer> #endmeeting