Describe the bug
nodejs 11 has reached EOL on June 1, 2019 https://github.com/nodejs/Release
To Reproduce
master branch as of 2019-09-17 (651cd75f6ce60c9a828c0827e838baee2629674d).
packages affected:
nimsourcehut
Expected behavior
Remove
nodejs-11_xnodejs-slim-11_x
cc: @goibhniu @gilligan @cko
marsam
All 10 comments
I don't necessarily _mind_ removing nodejs-*-11 at the same time i'm wondering if the maintenance EOL per se necessarily implies that it must be removed.
Obviously we have lots of packages that don't have proper maintenance not to mention any kind of maintenance schedule.
gilligan
on 18 Sep 2019
Well, just because it reaches EOL, doesn't mean people will stop using it.
So it is rather a question if Nix/NixOS have any guidelines in general, of what to do for EOL software.
I would assume it continues to live on.
eyJhb
on 20 Sep 2019
Well, for rather important packages like nodejs we have several folks who regularly update this. Also I think it's a (probably unofficial though) convention to drop packages that are about to get EOLed within the lifetime of a NixOS release.
Ma27
on 20 Sep 2019
Yeah php is an example of dropping package which will EOL during a release.
Given the ease of adding oldstable to your channels I think generally it a good thing to drop software which will EOL during the life cycle of a release.
aanderse
on 20 Sep 2019
Right, i was also bringing this up in the NixOS office hours and everyone there was in agreement that this should go ;) :+1:
gilligan
on 20 Sep 2019
There's relatively new meta.knownVulnerabilities attribute, causing packages to be unusable by default but people can explicitly override. EDIT: we use this e.g. for old firefox branches like
{
meta.knownVulnerabilities = [ "Support ended in August 2018." ];
}
vcunat
on 21 Sep 2019
There's relatively new meta.knownVulnerabilities attribute, causing packages to be unusable by default but people can explicitly override. EDIT: we use this e.g. for old firefox branches like
I actually thought that this is supposed to be used for packages that have a known security issue that isn't fixed yet or can't be fixed atm.
As far as I can see it, nodejs-11_x is only used for one package (namely sourcehut), so I don't think that the impact by removing it isn't too hard.
Ma27
on 21 Sep 2019
Hmm... On of the arguments that was mentioned, was that if it wasn't removed, it would look like the NixOS team maintains the package, which is not the case.
But if something states "we do not support it" as above, then maybe it is better? Don't really know.
But I remember that it was @grahamc that said the above :)
eyJhb
on 21 Sep 2019
Sourcehut has no special preference for any particular node version.
ddevault
on 21 Sep 2019
Yeah, I just pointed this out as it was pinned to node-11_x at the time I wrote my last comment.
Are there any further objections? Otherwise I'd prepare a patch which removes nodejs-11_x from our package set.
Ma27
on 29 Sep 2019
Related issues
spacekitteh
路
3Comments
rzetterberg
路
3Comments
langston-barrett
路
3Comments
grahamc
路
3Comments
ghost
路
3Comments
Most helpful comment
Yeah
phpis an example of dropping package which will EOL during a release.Given the ease of adding oldstable to your channels I think generally it a good thing to drop software which will EOL during the life cycle of a release.