Hi, I would like to just add my cent to the question of ownership of these forked repos: I am on the side to have opendev ownership over them as that give long(er) term stability, even now when we have serious shortages in design. But consider the situation when e0ne leave the community, we have to do the fork again and move these repos under opendev umbrella.
Regards Lajos
Jean-Philippe Evrard jean-philippe@evrard.me ezt írta (időpont: 2020. márc. 16., H, 9:54):
On Fri, 2020-03-13 at 18:29 +0200, Ivan Kolodyazhny wrote:
Hi team,
I'm sorry for being too noisy, but I decided to tag TC to get more attention to the current Horizon situation.
Don't be sorry, it's good that you raise this point!
We've got a bug reported by Kolla team two days ago [1]. We merged some workaround [2] and [3] yesterday. Thanks a lot to the Requirements team for the really quick merge! I appreciate it.
For now, we've got horizon gates broken because of hose patches fix only devstack but not unit tests jobs.
The root cause of this situation is pyScss package which is not maintained for the last two years. It's not a surprise to me that it doesn't work with the new setuptools. I'm really surprised that we've found this kind of bugs only now.
I suppose that we can't easily get rid of the dependency...
Since I don't believe we can block new setuptools forever, I decided to fork pyScss [4] and django-pyscss [5] projects. I'm still not sure that I've done everything right with licensing and versioning, but it works now on my environment. Any help on these areas would be much appreciated. I proposed patches to requirements and horizon repos [6] to use new libraries.
I checked your repos, they are BSD and MIT licensed. Which means:
- Horizon didn't do anything wrong with using them in the first place
- Your fork can be used to use them
- We could make "your forks" projects on opendev.
I suppose you're not only calling to say that you're now maintainer, but instead want to raise the fact that you're (now) the only maintainer, and we need more folks to step up and help maintain...
The reason I've tagged TC in the mail thread is described below.
Horizon has a lot of too old and unmaintained libraries. I'm pretty sure that this only one of the first issues with outdated dependencies which blocks horizon and other gates.
Is there a path forward to remove the usage of those dependencies, or to change things? If we have a plan, it's (relatively) less hard to point people to work on said plan to get help.
I do understand why we've got this situation. Unfortunately, we don't have any full-time horizon developers in the community. Horizon is mostly in maintenance phrase but not in active development.
Sadly, it can be said of multiple projects. I am definitely hoping that Horizon will get the attention it deserves. Having a plan of "renovation"/"renewal" of horizon might help, as said above.
I would like to get more attention on this issue because we have to update all dependencies not because they are new, have new features and/or security fixes. We have to take care of our dependencies asap to avoid usage of unmaintained libraries to have the whole OpenStack and Horizon healthy.
Agreed. Do you have other dependencies that are at risk here for horizon? Did you audit this recently?
P.S. I'm sorry if this message is too rude or emotional, I really don't want to make it such one.
It's not rude or emotional. You're raising a good point.
[1] https://bugs.launchpad.net/kolla/+bug/1866961 [2] https://review.opendev.org/#/c/711930/ [3] https://review.opendev.org/#/c/712777/ [4] https://github.com/e0ne/pyScss/ [5] https://github.com/e0ne/django-pyscss [6] https://review.opendev.org/#/q/status:open+topic:fix-pyscss
Regards, Ivan Kolodyazhny, http://blog.e0ne.info/
I think it might be worth splitting this email in multiple topics:
- Should we move pyScss and django-pyscss into opendev? (Do you want to
do it, or are you fine with your current fork right now?)
- How can we clean up the dependencies in horizon?
- Should Horizon be listed in the business opportunities, to have
someone to step up?
- Should the TC audit all the official projects to avoid usage of
unmaintained libraries?
Regards, JP