mozilla :: #bugzilla

 
23 Sep 2017
15:30dylanit's about 10 minutes to get the master branch running locally, but the live version is going away soon.
15:30dylanthe live version being landfill
15:31dylanhttps://github.com/bugzilla/bugzilla/blob/master/README.rst#for-developers
17:10ruchloseww, didn't know Bugzilla now recommends CPAN over packages :(
17:14dylanfor development at least.
17:14dylanif you want packages, you should use a packaged bugzilla. eseyman has one for instance.
17:15dylanand we're very willing to help get official debian/ubuntu/etc versions made. :-)
17:16dylanbut if you're pulling down the repo for the development branch, using CPAN is best because it takes a long time for things to get distro-packaged.
17:16dylanbugzilla.mozilla.org has been using carton / cpanfile for more than a year and it has been way, way better than relying on distro packages. :-)
17:17dylancarton/cpanfile provide for version-locking the entire dependency chain: https://github.com/mozilla-bteam/bmo-systems/blob/master/bundle/centos6/cpanfile.snapshot
17:18ruchlosdylan: how do you monitor CPAN security updates?
17:20dylanthat's the weak point, it is basically being on a huge number of mailing lists.
17:20ruchlosthat's the biggest problem of introducing yet another way to get things installed.
17:20ruchlosthen again, Bugzilla has always requires some amount of CPAN packages but usually we've recommended getting the packages first, only then go after CPAN
17:21ruchloswhich is especially nice for tricky packages like DB libraries..
17:21ruchlosand those that require Apache development headers to build
17:21ruchlosdylan: "fun"
17:21dylanof course, bugzilla is almost a standard cpan package nowdays
17:22dylanso you can pretty much run cpan2rpm or whatever and that will probably work.
17:22dylanwhich is what I'd do if I had the ability to build rpms and get them into production.
17:22ruchlosthat doesn't help with security update monitoring
17:23ruchlosbut I guess it's the way of things now, developers are expected to watch those
17:23ruchlosor "devops" as they are called now :D
17:23dylanI mean, after doing cpan2rpm on all the deps you can try to get them accepted.
17:23dylanor you can maintain hundreds of packages
17:24ruchlosaccepted usually means you are the one still responsible for the updates
17:24ruchlosbut atleast that would help other devs if one does that
17:25dylanI keep meaning to ask in #toolchain if anyone has a package monitoring service
17:25ruchlos(that's the way EPEL works)
17:25dylan#toolchain on irc.perl.org anyway
17:25ruchlosdylan: BRC does get automatic bugs filed for such updates in Fedora/EPEL/RHEL so they have at least some tooling
17:26ruchlosnot sure about CPAN but they do have some CPAN packages too so I'd guess it works for them too
19:47eseymanruchlos, dylan: BRC depends on release-monitoring.org to watch updates
23:27dylaneseyman: thanks! that is useful info
 
23 Sep 2017
   
Last message: 11 minutes and 56 seconds ago