RFC: Convert to monorepo & meta stuff (tidelift) #569
Comments
tunnckoCore
changed the title
|
@GrosSacASac I'm also talking with Tidelift for joining the network. I suppose you are okay with that. We can get some benefits from this. :) |
|
Sorry I forgot about this RFC, yes and yes. |
tunnckoCore
changed the title
tunnckoCore
changed the title
|
Okay, great. Updated OP. |
|
My two cents:
Thanks for all your work on this project @tunnckoCore |
Sure. I think they are notified when they're removed from npm/github, I don't know. If not, when they realize it they will probably come up in the issues and we can discuss it, for sure.
https://tidelift.com - they are helping to market given package, ensure high security & quality, handling security disclosures, help with maintenance/licensing and connect with (enterprise) clients. It's a platform that allows those who want stability or professional support to connect with with those managing the given project getting better/priority support, or for example, LTS releases and etc. In general, The Lifter Agreement that I just signed and which should be signed by everyone who wants to split the received income, which by automated estimates currently is like for few cup of coffees (at least that is showing the site). We will see in future and will be discussed with anyone who want, for sure. About turning README into an advertising place, no. Or it would be utmost to a degree that's generally acceptable and can be seen in other big projects that are using Tidelift or OpenCollective, or other sponsoring channels - nothing too much or aggressive, definitely. |
|
Tidelift requires a single sentence that the project is on tidelift. Not too aggressive in my opinion. |
|
@tunnckoCore thanks for clarifying. This all sounds good to me. A small note in the README as suggested by @GrosSacASac is fine. No need to notify the current commiters when removing them beyond what GH might do automatically. I initially thought you were going to join a company named Tidelift as an employee. If they're just some sort of way to crowdfund open source, then I don't have much concerns. I'm happy if there are any opportunities for those working on node-formidable to get some compensation for it. I've just had bad personal experiences with corporations taking over open source projects in the past, including node.js itself ; ). But I trust you to make the right decisions. Thanks again for continuing to maintain this package! |
Good point, my fault in wording.
True. But sponsoring/paying for Open Source is needed. The Tidelift model is a good one because every party is winning (in any sense) and has the motivation to continue doing their job as best as possible.
Thanks too :) I'm here for already 2-3 years, but @GrosSacASac was the trigger for me, haha. |
part of #569 (joining to the Tidelift network)
part of #569 (joining to the Tidelift network)
Agreed!
Sure, looking forward to see how it works out. |
Signed-off-by: Charlike Mike Reagent <[email protected]>
Signed-off-by: Charlike Mike Reagent <[email protected]>
|
Removed the npm rights for all non-active people, except @kornelski, @felixge and me. We are also already and officially part of the Tidelift Subcription covering all the requirements, as other 1880 packages is doing. |
|
maybe we should switch to ES imports instead of requires for v2 |
|
(Joke)
February 2030 😂😂😂 |
agree
yea, exactly hahahaha... how time pass... dang. It will happen this February though, for sure. :D |
|
Can this issue be closed or is there something to do still @tunnckoCore ? |
|
Yea.. i think we can close. There's other issues for that too 😆 |
Convert to monorepo (multi-package repo)
Why?
koa-better-bodyfor integration testing. It has extensive test suite and can be great testing for what is happening when changes comes.Joining Tidelift network
Due to joining and aligning with Tidelift agreements, we need to enforce 2FA on NPM (and in GitHub). Plus security & other policies, code of conduct (contributor covenant 1.4) ✔️ and etc.
Currently there are too many that have rights on the npm package and I guess it's fair to remove them and make it with 2FA requirement - me, @felixge and @GrosSacASac (and probably one more for fallback if something happens to me, probably @kornelski). Others are welcome to be active again and can be discussed further. @xarguments and @kornelski done much job too. Kornel is an owner in the org, Xargs (and others) doesn't accepting the invitation for a long time. I guess we can close #412 too.
I don't want to take full control or credits. It's just the situation now that it seems I'm the lead recently and in forseeable future. Just want to move forward.
I'm excited for v2 which will include all the things and bugfixes from the tons of previously opened issues and PRs, plus new Streams (#531 by @GrosSacASac) and Plugins API (#545 by me).
Currently we have 2M downloads a week, but I'm not yet sure from where they come. I'll investigate more on that topic and will be able to come up with some plan for the v1 roadmap, future support, security fixes (probably?) and more.
/cc @felixge @charmander @xarguments @quantumsheep @GrosSacASac @kornelski
edit(Feb 12, 2020): removed the npm rights for all non-active people, except @kornelski, @felixge and me.
The text was updated successfully, but these errors were encountered: