Hi all, On Mon, Apr 9, 2018 at 9:25 PM, glob <g...@mozilla.com> wrote:
> mozilla-central contains code vendored from external sources. Currently > there is no standard way to document and update this code. In order to > facilitate automation around auditing, vendoring, and linting we intend to > require all vendored code to be annotated with an in-tree YAML file, and > for the vendoring process to be standardised and automated. > > The plan is to create a YAML file for each library containing metadata > such as the homepage url, vendored version, bugzilla component, etc. See > https://goo.gl/QZyz4x for the full specification. > Generally, I think this is a great plan, and I'm pleased to see it moving forward. A few notes: 1) for the Node.js work I'm actively pursuing, I expect a |mach vendor rust|-like solution rather than a mozvendor.yaml-like solution (at least at first). This is because we need to integrate with Node-y workflows, where things are captured in package.json files -- a situation parallel to Rust, where things are captured in Cargo.toml files. 2) Firefox for Android vendored many dependencies into mobile/android/third_party, modified them, and has more-or-less not updated them since. That's seen as a problem, and some folks are pushing to upgrade those dependencies (see https://bugzilla.mozilla.org/show_bug.cgi?id=1438716). However, those upgrades will be captured as regular Android Maven dependencies and not as mozvendor.yaml dependencies. I don't think either of those things are controversial, just adding to the list of "things a little outside the system" on day one. Best, Nick _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform