#38 Meeting #8 on 2019-07-23
Closed 2 years ago by decathorpe. Opened 2 years ago by decathorpe.

  • When: 2019-07-23 at 15:00 UTC
  • Where: #fedora-meeting-1 on freenode

Agenda

  • Discuss newly orphaned packages that SIG packages depend on

See: https://churchyard.fedorapeople.org/orphans.txt

apache-commons-vfs
    ← apache-commons-configuration, apache-ivy, gradle, maven-doxia, ant-contrib, groovy, xmvn
google-oauth-java-client
    ← gradle
jasperreports
    ← springframework-beans
        ← google-guice, snakeyaml, xbean
lz4-java
    ← netty
mina-ftpserver
    ← apache-commons-vfs
        ← apache-commons-configuration, apache-ivy, gradle, maven-doxia, ant-contrib, groovy, xmvn
spock
    ← testng
        ← bean-validation-api, beust-jcommander, dain-snappy, easymock, gradle, groovy, istack-commons, jboss-marshaling, sisu
springframework
    ← google-guice, snakeyaml, xbean
testng
    bean-validation-api, beust-jcommander, dain-snappy, easymock, gradle, groovy, istack-commons, jboss-marshaling, sisu
tiles
     ← springframework
        ← google-guice, snakeyaml, xbean
  • Discuss possibility of dropping springframework (Issue#37)

The whole springframework stack has recently been orphaned as part of a non-responsive maintainer procedure, and its packages will probably be retired - either by the upcoming FTBFS cleanup, or the orphan cleanup procedures - in a few weeks. We could easily drop support for spring in some of our packages (by flipping bconds in guice, snakeyaml, xbean, etc.), which would undo some circular dependencies, and would let us drop a number of packages.

Related: releng#8498

  • Discuss possibility of dropping gradle (Issue#35)

There are some packages in fedora that still require gradle for building, but I don't see how we can keep maintaining gradle ourselves (it's already not installable on arm7hl and i686 anymore), and it's massively out of date. Either packages / packagers depending on gradle need to step up and get gradle up to speed, or we need to drop it. I don't think the current state is sustainable.

  • Discuss possibility of dropping JBoss packages (Issue#33)

A lot of JBoss packages are pulled in by very few dependencies. It would be nice if we could get rid of them, since we're not actually interested in maintaining parts of the JBoss / Wildfly stack.

There's still a number of "good" Pull Requests ready for review and merging.

"Good" PRs ready for review

  • maven-wagon: update to version 3.3.3 PR
  • xmlunit: update to version 2.6.2 PR
  • xmvn: port to xmlunit 2 PR
  • plexus-io: update to version 33.1.1 PR
  • apache-commons-collections4: update to version 4.4 PR
  • apache-logging-parent: update to version 2 PR
  • apache-mime4j: update to version 0.8.3 PR
  • apache-rat: update to version 0.13 PR
  • ant: update to version 1.10.6 PR

The PRs for xmlunit and xmvn are requirements for updating maven to the 3.6 branch eventually (which is what's already available from the maven-3.6 module).


Add to the agenda: Orphaned packages needed by the SIG:

https://churchyard.fedorapeople.org/orphans.txt

google-oauth-java-client, tiles, jeromq, mina-ftpserver, jasperreports, spock, httpcomponents-asyncclient, springframework, lz4-java

@churchyard thanks, I've added it to the agenda, and I've included the dependency chains that are causing the dependencies.

Still, jeromq and httpcomponents-asyncclient are definitely false positives, since you yourself disabled dependencies for both jeromq and cassandra (→ httpcomponents-client) when you flipped the jp_minimal bcond in log4j some time ago.

This is definitively weird:

Depending on: jeromq (33), status change: 2019-07-12 (1 weeks ago)
    log4j (maintained by: decathorpe, devrim, mizdebsk, stewardship-sig)
        log4j-2.11.1-3.fc30.src requires mvn(org.zeromq:jeromq) = 0.3.6

$ repoquery --repo=rawhide{,-source} log4j
log4j-0:2.11.1-4.fc31.noarch
log4j-0:2.11.1-4.fc31.src

I'll see why the script uses the F30 package.

That's weird ... well, that's why I'm double-checking these things since my last mistake :wink:

It was the dnf cache. I'll always clean it before running the script.

jasperreports, lz4-java, spock, springframework, google-oauth-java-client, mina-ftpserver, tiles

@churchyard Thanks! I've updated the dependency tree in the meeting agenda.

Meeting summary:

  • @decathorpe opened unorphan request for some packages: https://pagure.io/releng/issue/8553
  • the remaining packages will be decided on later, once dropping spring (and possibly gradle) has been decided
  • Pull Requests will be reviewed later, as time allows
  • @decathorpe will do some more impact analysis of dropping spring and gradle and will comment on the tickets
  • @cipherboy will investigate reducing the number of dependencies of the dogtag-pki stack

Metadata Update from @decathorpe:
- Issue status updated to: Closed (was: Open)

2 years ago

Login to comment on this ticket.

Metadata