New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deprecate Geddy project #745
Comments
The end of an era. :) I agree. @phanect, thank you so much for doing this. I'll take care of the Web site. |
😢 If someone were to take it on, would they still be able to? I am just wondering just on the small chance I suddenly want to try maintain it. |
I have been running geddy at http://CallMeHelp.com since 2024. Sorry to
hear of its passing. Many thanks to all the contributors. I appreciate
being able to stand on your shoulders. Is anyone aware of any security
issues I need to be mindful of as we move into production?
…On Tue, 6 Nov 2018, 17:39 Chris Hatton, ***@***.***> wrote:
😢
If someone were to take it on, would they still be able to? I am just
wondering just on the small chance I suddenly want to try maintain it.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#745 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AACfWEyVNlnmv1wEqvLWbiangRQv8I3Aks5usck9gaJpZM4X_VyT>
.
|
If someone were willing to take on the work of doing security updates, I'm happy to keep hosting the doc site, and doing releases. Let me know what y'all would like to do. I would be happy to allow the folks who want to use it to keep using it. |
Whoops a fat finger moment 2024 ->> 2014
…On Wed, 7 Nov 2018, 08:22 John Jones, ***@***.***> wrote:
I have been running geddy at http://CallMeHelp.com since 2024. Sorry to
hear of its passing. Many thanks to all the contributors. I appreciate
being able to stand on your shoulders. Is anyone aware of any security
issues I need to be mindful of as we move into production?
On Tue, 6 Nov 2018, 17:39 Chris Hatton, ***@***.***> wrote:
> 😢
>
> If someone were to take it on, would they still be able to? I am just
> wondering just on the small chance I suddenly want to try maintain it.
>
> —
> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub
> <#745 (comment)>, or mute
> the thread
> <https://github.com/notifications/unsubscribe-auth/AACfWEyVNlnmv1wEqvLWbiangRQv8I3Aks5usck9gaJpZM4X_VyT>
> .
>
|
It's annoying as I'm new to node, yet I love this project coming from ruby on rails. I would like to maintain it. Like @myichild asks, what are the security issues? Is it a matter of updating the packages and then ironing out any errors? |
GitHub states it's the packages...
|
Right! I'm going to learn node.js. I can't see this project melt away! lol |
@mde,
OK, I'm starting to work on.
If we archive the repositories, it would be easier for users to understand Geddy is deprecated, but by archiving repositories, entire the repository including source code, issues and pull requests would turn read-only. Since @ckhatton might make contributions, it might be better not to archive the repositories.
As @ckhatton already confirmed, GitHub's Vulnerability Alerts is pointing out In addition to these packages, You can see npm's analysis with the following commands: $ cd path/to/geddy
$ npm install # to generate package-lock.json
$ npm audit Note that there are also vulnerabilities in |
I am committed to using geddy in production until 2021 and have cloned the
app into our own repo in anticipation of its deprecation. I'm also looking
for a couple of people to help with coding on both geddy and some nodejs on
a raspberry pi reading electricity power and feeding it back to geddy.
…On Wed, 7 Nov 2018, 10:36 Chris Hatton, ***@***.***> wrote:
Right! I'm going to learn node.js. I can't see this project melt away! lol
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#745 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AACfWFlHXtL0OeupoFGBY9X5zSDo8odfks5usrelgaJpZM4X_VyT>
.
|
@phanect @mde Okay, I'm not sure what to suggest. I can't say to keep the project open just on the chance of me learning nodejs enough to fix it all. It seems myself and @myichild are the only ones interested, considering there's 94 people watching this repo and no one else has said anything... yet. |
Chris, perhaps we should have a chat?
…On Wed, 7 Nov 2018, 13:35 Chris Hatton, ***@***.***> wrote:
@phanect <https://github.com/phanect> @mde <https://github.com/mde> Okay,
I'm not sure what to suggest. I can't say to keep the project open just on
the chance of me learning nodejs enough to fix it all. It seems myself and
@myichild <https://github.com/myichild> are the only ones interested,
considering there's 94 people watching this repo and no one else has said
anything... yet.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#745 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AACfWLZNdw4UhNbQTIp7q-PtAr4enokQks5usuGjgaJpZM4X_VyT>
.
|
Umm... Yeaah? haha |
Great. Drop me a line at john@callmehelp.com.
I'm in the UK on GMT, where are you based?
---------------------------------
John Jones
UK: (+44) (0)797 644-3043
https://uk.linkedin.com/in/mrjohnjones
"To invent, you need a good imagination and a pile of junk." Edison
ᐧ
…On Thu, Nov 8, 2018 at 10:49 PM Chris Hatton ***@***.***> wrote:
Umm... Yeaah? haha
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#745 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AACfWEf92iJ_78T052-O226SUriM06Zaks5utLUMgaJpZM4X_VyT>
.
|
So I guess a plan of action would be myself or someone would be to:
@mde I remember you said in the past that you would happy to give guidance on any issues? As it is your code and you know it better than someone coming to it new. I warn this will take ages to carry out by the way - no immediate completion. I need to learn node.js to a point I can be comfortable to understand it and use it. |
Hi.
An other point could be.
3. Es6 syntax support :)
El vie., 9 nov. 2018 a las 5:51, Chris Hatton (<notifications@github.com>)
escribió:
… So I guess a plan of action would be myself or someone would be to:
1. Change the vulnerable packages.
2. Start working through the 100+ open issues.
@mde <https://github.com/mde> I remember you said in the past that you
would happy to give guidance on any issues? As it is your code and you know
it better than someone coming to it new.
I warn this will take ages to carry out by the way - no immediate
completion. I need to learn node.js to a point I can be comfortable to
understand it and use it.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#745 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/Ac1-xYh3rJX7rWcu8lXUsLmkWR61i_Tcks5utUH4gaJpZM4X_VyT>
.
|
@Penayo Err... haha maybe, but let's worry about the state of the project first. |
😕
I like Es6. Of course this is a sustancial change and it require to much
time and resources. It is not a begin point, but is an important point that
need to be in the calendar.
I can colaborate with You. Geddy is s good, I an ex rails developer and an
node.js developer, I can help you with some ideas.
El vie., 9 nov. 2018 a las 10:50, Chris Hatton (<notifications@github.com>)
escribió:
… @Penayo <https://github.com/Penayo> Err... haha maybe, but let's worry
about the state of the project first.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#745 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/Ac1-xcAdxIAFAZIWESMwAHie9SyzqFVUks5utYgpgaJpZM4X_VyT>
.
|
@mde @myichild @ckhatton @Penayo I have deprecated I also edited README and made pull requests. I was going to merge them now, but is it better if I wait for the conclusion of this discussion? I won't archive the projects at least for now to keep this thread accessible. |
@phanect Yeaaah, it sounds like we're actually going to mend the packages. Is it possible to make it deprecated and then take the deprecated notice out? Because I am not sure how fast we'll get round to sorting out the vulnarbilities. |
Going on we really need a master branch and a It would be so much cleaner and organised. I can't understand most of the current branches. |
@mde PR created! 😊 |
Yes, I think it's possible. |
So with the geddy packages updated (#747), it is correct to say that model and geddy-passport still need updating? |
Apologies for long delay. I still keep this issue open since the website doesn't have deprecation notice yet. |
@ckhatton Sorry for ignoring this for long 🙇
Regarding to I don't see any vulnerable packages alert for If you still have motivation to do this, it might be better to create another issue and discuss on it 😄 |
Unfortunately, Geddy is no-longer actively maintained.
I think it's time for the Geddy project to officially declare deprecation.
To make matters worse, there are some vulnerable versions of packages in the dependencies.
I fixed some, but I gave up to update others because it may be a big change.
Some engineers may not notice vulnerable packages included in Geddy, and use it for new projects. It is safer to notify that.
To notify Geddy is deprecated, I suggest following:
npm deprecate
npm deprecate geddy "Geddy is no longer maintained."
npm deprecate model "model is no longer maintained."
npm deprecate geddy-passport "Geddy is no longer maintained."
Archive the repositories under github.com/geddyIf @mde agreed and no other disagreement, I will work on it except for website.
The text was updated successfully, but these errors were encountered: