[Bug 361019] 3rd party dependency management using Git and Orbit
| Bugzilla Link | 361019 |
| Status | NEW |
| Importance | P3 enhancement |
| Reported | Oct 14, 2011 14:19 EDT |
| Modified | Oct 18, 2011 11:30 EDT |
Description
Based on a comment in bug 360994 I think we should streamline the process for managing 3rd party dependencies especially when migrating to Git.
Bug 360994 comment 0 says:
[...] If a component must be removed later, this involves a non-trivial
expenditure of effort on the part of both the project team and the webmaster
team. [...]
A while back when the Git discussion started I proposed to not allow 3rd party dependencies at all in individual project Git repositories. Instead all should go to Orbit.
This proposal was based on the assumption that Orbit would stay on CVS for some time and removing files from CVS is easy. If Orbit also migrates to Git than I propose to have a separate Git repository for every 3rd party package (which may contain multiple bundles, eg. a Lucene Git repo contains all and only Lucene bundles).
I'd like to bring this up on the AC table again for discussion. I think that we have room here for improving the process by streamlining and consolidation. If there is only one common place where all 3rd party dependencies are managed it will be easier to find, use and manage them. Separating the 3rd party packages from the project Git repos also reduces administrative overhead for webmasters.
When looking at bug 360994 I think that such a policy should be made mandatory for 3rd party packages approved under parallel IP.
As an exception, only finally reviewed and approved 3rd party dependencies may be committed into a project Git repo. But I would even go so far and propose to not allow this at all.