Consolidate GitHub Organizations for TiddlyWiki #6565
Comments
|
I did create tiddlywiki-org organization, so nobody else can register it. I also used it to have a playground at github, to see, how organizations can be configured. I personally wouldn't delete that organization, because then anyone else can misuse it. .. And it could still be used if we need a place to run experiments. I can remove all the visible content and only show some links to the TiddlyWiki organization. |
Equally, we can't preregister all the possible TiddlyWiki-related organisation names. I don't think it's a problem to let it go.
I don't think that's sufficient. Just having it turn up in search results is deeply confusing for end users. If you want an org to experiment with then I think it should be renamed, or create a new one. |
|
OK. So you definitely want tiddlywiki-org to be deleted. right? I also created TiddlyWikiClassic ... So you definitely want that to be deleted too. right? |
|
Thanks @pmario, yes please, much appreciated. |
|
I did remove them. The names are locked for 90 days now |
|
Thanks @pmario – of course it's the migrations that are going to take a little longer 😄 |
|
I've just transferred TiddlyDesktop to https://github.com/TiddlyWiki/TiddlyDesktop. Everything should redirect transparently. If things go smoothly I'll move ahead with the other transfers. |
|
I've opened some tickets on the TiddlyWiki repo: |
|
What can be in the TiddlyWiki organization? We have nodejs wiki app and automated plguin library in https://github.com/tiddly-gittly , but they are mostly around TidGi (make most things work out-of-box for new users). Maybe they should just be in tiddly-gittly until some conditions meet? |
|
I think using an organization other than a single repo, we will have the opportunity to move official plugins to separate repos, I think it will be easier to manage issues for each plugin. And maybe even refactor the core parts of tw, so they can be used in a "headless" way, for example, a browser extension that renders readme.tid in the Github. This will make TiddlyWiki not "zero dependencies" anymore, so may not be a good idea. |
|
Hi @linonetwo
The main TiddlyWiki organisation is to codify community ownership of the offical distribution of TiddlyWiki and the associated tools. So there are two criteria:
At this point, it's probably still going to be a judgement call in individual cases.
We're 25% of the way through 2022, and my big personal goal for the year is to get an official community plugin library up and running. TiddlyGittly is hugely encouraging and inspiring, and would be very similar to what I have in mind.
I'm committed to keeping the core distribution of TW5 in a single repository because it makes things so much easier for users – there can be no confusion about whether two given components have matching versions, because the repo as a whole is versioned. Currently, there are too many irrelevant and obsolete plugins in the TW5 repo. Once the CPL is up and running, I'd like to move things like the D3 plugin out of the core. The plugins in the TW5 repo should just be the key plugins with community ownership (eg the Markdown plugin).
I'm not sure what you mean – TW5 can already be run headless under Node.js? I would like to introduce a mechanism for cleanly handling optional npm dependencies (eg the AWS plugin). |
I personally wouldn't want to add the npm dependency nightmare to tiddlywiki. From my point of view npm dependencies are a general security risk, for everyone who uses it. |
@pmario perhaps you misunderstand me. We already use npm dependencies. My point is that the AWS plugin currently requires users to manually type "npm install aws-sdk", and that I'd like to introduce a mechanism for Node.js plugins to declare optional npm dependencies that get managed by TiddlyWiki as required. |
I think, I didn't. ... but I'm OK with the idea, to use "minimal audited" tiddlywiki dependencies.
I think that's a good thing and github supports these possibilities: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-npm-registry and https://docs.github.com/en/packages/working-with-a-github-packages-registry |
There are two ways, one is using my ts plugin template https://github.com/tiddly-gittly/TiddlyWiki-TS-Plugin-Template , which will pack all npm deps into the json plugin. Another is run |
|
@linonetwo I think transpilers are part of the problem I want to avoid and not a solution. Have a look at your dev-dependencies and tell me, that you can guarantee that you exactly know what you install and execute on your system. (With probably admin privileges) Most of our users have absolutely no idea what those settings mean, and what they do if they run |
|
Just search for npm supply chain attack for the last month and you'll see, what I mean. |
Who is suggesting anything different? It really seems like you have misunderstood. I made a casual reference to improving our existing usage of npm and then a few minutes later you're talking about npm supply chain attacks. Those kind of scare stories are pretty unhelpful here. Please be specific about what you think we're doing wrong, or about what specifically is wrong about my proposal. |
|
We can deal with plugin security risk (including the risk introduced by the npm dependencies) by comment and rating system in CPL. Core plugins are trustworthy, but those outside the organization and aggregated by the CPL will need this. This is offtopic I think, we can discuss this elsewhere, acturally I have many thought oh this. |
The TW plugins are not the real problem. Installing the development system, that introduces a massive amount of dependencies is the problem, I'm talking about. |
|
Please make sure issue, commit, pr, and discussions are mostly keeped during migration! Searching in these materials always gives insights to me. |
|
Hi @linonetwo yes indeed! As far as I can tell, the complete history of the repos is retained when they are moved. https://github.com/TiddlyWiki/TiddlyDesktop has already been moved, and seems fine. |
|
Very good to have everything in one place. Have a nice day, Okido |
Over the years, a number of GitHub Organisations related to TiddlyWiki have been created by myself and others.
It is proposed to adopt a policy of moving all official TiddlyWiki-related repositories to the main https://github.com/TiddlyWiki organisation.
To keep the logistics simple this will be a gradual change.
The following repositories need to be migrated to https://github.com/TiddlyWiki:
I think the following organisations are experiments that can be deleted immediately:
UPDATE 31st April 2022: I've opened some tickets on the TiddlyWiki repo:
The text was updated successfully, but these errors were encountered: