[rdo-list] TripleO UI Packaging Strategy

Haïkel hguemar at fedoraproject.org
Mon Jul 18 18:32:29 UTC 2016


2016-07-18 19:30 GMT+02:00 Honza Pokorny <honza at redhat.com>:
> On 2016-07-15 18:29, Haďkel wrote:
>> 2016-07-15 17:31 GMT+02:00 Dougal Matthews <dougal at redhat.com>:
>> > On 15 July 2016 at 16:27, David Moreau Simard <dms at redhat.com> wrote:
>> >>
>> >> I think TripleO-UI can draw from a lot of the work that has been done
>> >> in Horizon packaging [1] (adding mrunge).
>> >>
>> >> You can see that most of the libraries are made available through
>> >> xstatic python packages, for example jquery.
>> >> If there are missing libraries they need to be highlighted so we can
>> >> package them.
>> >
>> >
>> > Due to the UI being built in react and using the npm ecosystem I think it
>> > has over 800 dependent packages. I'm not sure that doing them all
>> > individually is realistic.
>> >
>>
>> Realistic or not, we are *compelled* to review licensing for each
>> dependencies we ship.
>
> I have just reviewed all of our direct and indirect dependencies and
> their licenses.  There are only two indirect dependencies that could
> cause problems.  Both of these are released under the GPL.
>
> One of them is a dependency of gulp, and we're in the process of
> removing gulp.
>
> The other is actually dually licensed under the GPL and MIT.
>
> Haďkel, is there a formal process for ensuring that all licensing
> matters are in order?  Surely, my say-so isn't going to be enough.
>

First step is to open a package review in RHBZ under the RDO product.
Then, we'll use licensecheck to check license and some manual check.
We can relax unbundling rules to a certain extent, so it should not be
a problem.


Providing a dependency list with licenses as Jason did on irc does help.
http://paste.fedoraproject.org/392229/14688610/

GPLv3 (or later) is compatible with ASL 2.0, so it should not be a problem.
And the only GPLv2 dependency is also MIT licensed so it's ok.


What I'm worried about is the minification/compression toolchain that
may rely on non-free tools.
Removing gulp may help reducing hazard in that area.

Regards,
H.





>> I'm not sure we'll be able to ship this in time for GA, considering
>> that we passed M2.
>>
>> We can relax unbunding rules to a certain point but we also need to
>> review the minifying toolchain even if it's not yet packaged.
>> We're not allowed to ship minified javascript through minifiers that
>> are not acceptable (e.g Google Closure compiler).
>> There's a limit of how we can reduce the reviewing churn.
>>
>> Regards,
>> H.
>>
>> >
>> >> [1]: https://github.com/rdo-packages/horizon-distgit
>> >>
>> >> David Moreau Simard
>> >> Senior Software Engineer | Openstack RDO
>> >>
>> >> dmsimard = [irc, github, twitter]
>> >>
>> >>
>> >> On Fri, Jul 15, 2016 at 10:56 AM, Jason Rist <jrist at redhat.com> wrote:
>> >> > Hey everyone - we are trying to think about our packaging strategy for
>> >> > the TripleO UI and would like some feedback.  Feel free to yell
>> >> > regarding the details as this is high priority.
>> >> >
>> >> > The plan:
>> >> >
>> >> > 1.) Create a spec file for the RPM that includes the pre-compiled
>> >> > (minified, production ready) javascript application.
>> >> > 2.) Push new repository to review RDO repositories
>> >> > RTFM:
>> >> >
>> >> > https://www.rdoproject.org/documentation/rdo-packaging/#how-to-add-a-new-package-to-rdo-trunk
>> >> > 3.) Have people review said package here:
>> >> > https://review.rdoproject.org/r/#/q/status:open
>> >> > 4.) Add info to
>> >> > https://github.com/redhat-openstack/rdoinfo/blob/master/rdo.yml
>> >> > 5.) Package appears in trunk delorean
>> >> >
>> >> >
>> >> > We talked a little and we are thinking that the UI will be able to be
>> >> > installed without the dependency of mistral and zaqar since those are
>> >> > connected services rather than binary dependencies.
>> >> >
>> >> > We are going to try that as a first pass and then iterate.
>> >> >
>> >> > We are targeting next week for this work and already have the beginning
>> >> > of #1, so I am confident we'll be able to begin iterating on the
>> >> > packaging setup.
>> >> >
>> >> > Please let me know if you have any questions.
>> >> >
>> >> > Thanks!
>> >> > Jason
>> >> > --
>> >> > Jason E. Rist
>> >> > Senior Software Engineer
>> >> > OpenStack User Interfaces
>> >> > Red Hat, Inc.
>> >> > openuc: +1.972.707.6408
>> >> > mobile: +1.720.256.3933
>> >> > Freenode: jrist
>> >> > github/twitter: knowncitizen
>> >> >
>> >> > _______________________________________________
>> >> > rdo-list mailing list
>> >> > rdo-list at redhat.com
>> >> > https://www.redhat.com/mailman/listinfo/rdo-list
>> >> >
>> >> > To unsubscribe: rdo-list-unsubscribe at redhat.com
>> >>
>> >> _______________________________________________
>> >> rdo-list mailing list
>> >> rdo-list at redhat.com
>> >> https://www.redhat.com/mailman/listinfo/rdo-list
>> >>
>> >> To unsubscribe: rdo-list-unsubscribe at redhat.com
>> >
>> >
>> >
>> > _______________________________________________
>> > rdo-list mailing list
>> > rdo-list at redhat.com
>> > https://www.redhat.com/mailman/listinfo/rdo-list
>> >
>> > To unsubscribe: rdo-list-unsubscribe at redhat.com
>>
>> _______________________________________________
>> rdo-list mailing list
>> rdo-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/rdo-list
>>
>> To unsubscribe: rdo-list-unsubscribe at redhat.com




More information about the rdo-list mailing list