Sourcing Perl dependencies via Debian's Apt repositories or embedded CPAN dependencies wouldn't affect your "aptitude update/upgrade", as Koha would've been tested ahead of time before being released.
Perl and npm are apples and oranges. Perl is to Node.js as carton is to npm. There are good and bad packages in both ecosystems. But Debian Perl package maintainers are very useful. My favourite example is HTTP::OAI. Tim Brody's HTTP::OAI version 4.03 on CPAN was broken. The version in Debian stayed on 3.27 for a while, and then when 4.03+ was added to Debian, it included patches from a Debian package maintainer. (Actually, looking at CPAN now, it seems like someone else has also finally taken over HTTP::OAI from Tim Brody, which is promising.) If we didn't use Debian packages, I suppose we would've stayed at 3.27 until the CPAN version was fixed. David Cook Systems Librarian Prosentient Systems 72/330 Wattle St Ultimo, NSW 2007 Australia Office: 02 9212 0899 Online: 02 8005 0595 -----Original Message----- From: Koha-devel <koha-devel-boun...@lists.koha-community.org> On Behalf Of Mike Lake Sent: Wednesday, 10 June 2020 6:04 PM To: koha-devel@lists.koha-community.org Subject: Re: [Koha-devel] Adopting CPAN and Carton Plus for Chris's view on this. As a sys admin that maintains a Koha for an org I want to be able to "aptitude update/upgrade" without problems and do a future dist-upgrade with few problems. Perl is pretty stable (vastly stable compared to npn packages) but there are occasionally patches that come through. It's preferable for a Debian Perl package maintainer to manage that I think. Mike --- Mike Lake On 2020-06-10 17:49, Chris Cormack wrote: > Hi all > > Just want to put on record my thoughts that replacing the package > architecture with carton or cpan seems like a bad idea. > The main benefit of using modules packaged and tested by debian > developers is that is a whole lot of work we don't have to do. It > comes under the debian perl (who have massive combined knowledge) and > the debian security team. > If we are going to move away from that someone is going to be needing > to follow all the security advisories for all the perl modules we use > (must be a hundred or so) and deal with that. It also makes OS > udgrades harder. > > I'm not opposed to having them as an option but replacing the packages > with them seems like a step into the utter chaos that is things like > npm and the node world. > > Chris _______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
signature.asc
Description: PGP signature
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/