►
From YouTube: 📦Package Managers WG Weekly Sync February 19, 2019
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
We
got
proper
logging
and
metrics
on
NPM
on
the
ipfs
NPM
registry
Mareth,
which
is
lovely
because
now
we
can
see,
like
you
know,
resources
over
time
and
all
that
kind
of
stuff.
That's
been
super
helpful,
I
investigated
what
I
thought
was
a
memory
leak
in
the
mirror
turns
out
it
wasn't
a
memory
leak
at
all.
What
was
happening
was
just.
A
It
was
interesting
NPM
too
quickly
and
it
wasn't
getting
it
on
to
s3
quickly
enough,
and
so
we
were
putting
all
this
data
down
and
it
just
going
into
a
buffer
waiting
to
go
off
to
s3,
which
is
filling
up
and
the
process
was
falling
over.
So
that
was
good
news.
It
just
needed
a
bit
of
a
bear
tuning
to
be
less
less
aggressively
downloading
stuff
from
NPM.
A
So
that's
been
great
now
for
for
pretty
much
a
week
and
so
I'm
losing
that
one
off
I
wrote
some
blog
posts
on
NPM
and
ipfs
on
the
client
in
the
registry.
They
are
in
progress.
I
need
to
address
with
the
comments
on
that
yeah,
so
no
block
to
anything.
The
next
thing,
I'm
going
to
be
doing,
is
looking
into
a
pub/sub.
A
So
we've
got
this
weird
problem
at
the
moment
where
to
the
replication
master
pools
anything
from
NPM
ingest
them
into
ipfs
updates
the
pack
youment
as
they
like
to
call
it
with
see
IDs
for
all
the
tar
balls
and
then
uses
pub/sub
to
broadcast
all
the
mirrors.
Hey
there's
been
an
update
here
is
a
new
here,
is
a
new
apartment
and
then
marries
goku
and
replace
their
copy
of
the
manifest.
A
With
with
what
they've
been
given,
which
all
works
for
about
half
an
hour
also
and
then
suddenly
the
replication
masters
list
of
topic,
peers,
empties
and
stop
sending
messages
to
people,
even
though
it
claims
to
be
sending
messages.
So
I'm
kind
of
looking
into
that
at
the
moment,
I'm
just
running
it
all,
with
a
lot
of
logging,
going
on
with
floods
of
and
they've
open
an
issue
on
the
little
of
p2p
pub/sub
group
as
well
a
bit
of
help
from
the
guys
in
that
and
that's
gonna.
B
A
B
So
I
don't
know
if
I'd
say
caught
up
completely,
but
I
certainly
have
a
little
bit
better
understanding
of
how
protocol
labs
is
doing
stuff
and
have
read
a
humongous
amount
of
Doctson
issues
and
things.
The
other
kind
of
naughty
little
thing
that
I
did
was
a
oh
I.
Can
I
can
screen
share
this
thing.
Let's
try
this
based
off
of
the
registry
Oh.
What
that
doesn't
the
crypt
pad?
It
makes
it
look
like
links
or
links,
but
they're,
not
links.
Are
they
let's
try.
This
share.
B
So
I
made
a
little
page
that
you
can
type
in
a
package
name
and
it
will
go
to
jail
registry,
jester
ipfs
tayo
and
pull
the
data
from
the
API
there,
and
it
really
only
shows
the
latest
version
and
the
the
cid
if
it's
available
right
now,
but
potentially
there's
a
few
different
things
that
you
could
do
with
that.
It
could
be
wrapped
up
in
a
Chrome
extension
that
we
could
basically
make.
B
B
Also
that
kind
of
thing
building
that
made
me
realize
that
and
we
needed
cause
adding
to
the
registry.
So
I
added
that
as
well
as
a
little
thing.
This
isn't
hosted
on
ipfs,
but
it
is
a
single
page.
So
I
should
think
you'd
be
able
to
do
that
if
we
wanted
to,
but
probably
it's
just
a
case
of
making
it
part
of
the
registry
as
as
a
built-in
web
page,
rather
than
like
a
whole
separate
thing.
I,
don't
think
we
want
to
go
ahead
and
build
another
libraries
io
on
top
of
that
just
yet.
B
The
I
also
started
looking
into
I've,
not
really
started.
Building
it
yet,
but
I
made
a
started,
making
a
plug-in
for
bundler
the
Ruby
gems
dependency
manager-
and
it
has
quite
a
nice
set
of
API-
is
to
be
able
to
extend
the
manifest
format.
So
you
can
actually
add
more
content
to
a
lock
file,
a
gem
file
lock
in
Ruby
gems.
Without
that,
like
being
blasted
away
by
existing
clients,
it
will
basically
only
update
the
sections
that
it
cares
about
and
allows
you
to
add
stuff
in.
B
B
They
don't
have
to
be
loaded
over
HTTP,
you
can
add
in
all
different
ways
and
they
actually
implement
three
of
them
themselves.
The
get
one
the
the
path
one
and
there's
another
one
Oh
regular,
rubygems
dog,
so
started
I,
don't
think
it'd
be
too
complicated
to
do
to
basically
make
a
command
that
all
could
take
your
existing
installed.
B
Ruby
gems,
put
them
on
ipfs,
get
back
the
see
IDs
for
each
package
or
each
file
dot
gem,
which
is
what
you
get
from
rubygems.org
and
then
write
that
into
the
gem
file
clock
so
that
you
can
reproduce
the
whole
thing
again
without
needing
to
be
online.
You
can
just
talk
to
your
local
ipfs
daemon,
but
there
does
require
updating
the
ruby,
ipfs
HTTP
API
wrapper,
which
there's
there's
an
active
maintainer
behind
it,
but
he
is
a
little
bit
slow.
B
And
then
dependency
resolution
is
significantly
harder
or
they
just
don't
bother
in
other
ways,
c
GX
as
an
example
of
not
bothering
to
do
any
dependency
resolution,
but
basically,
then
taking
those
categories
and
looking
at
different
ways
that
we
could
make
some
use
cases
or
some
different
approaches
to
solving
some
form
of
like
basic
IP
FS
support
without
needing
to
completely
burden
the
registry,
maintainer
x'
with
adding
a
whole
load
of
extra
stuff
that
they
needed.
A
support.
Forevermore,
which
is
tricky
next
thing
that
I'm
going
to
do
is
talking
of
registry.
B
C
A
question
about
that
I
also
I
had
to
stop
listening
for
for
the
few
seconds.
So
maybe
you
already
answer
my
question
so
sorry
for
making
you
repeated,
but
so
so
I
think
there's
like
two
phases
to
this
rule
map
for
package
managers.
One
of
them
is
like
what
the
package
manager
is
going
to
focus
on
relationships
etc,
and
the
other
part
is
really
like
these
lists
of
requirements
that
we
want
to
create
as
soon
as
possible
to
inform
all
the
other
working
groups
right.
C
There
is
this
huge
dependency
right
now,
where
people
kind
of
like
some
intuition
but
it'd,
be
great
to
have
the
leadership
from
the
package
managers
working
group
with
like
support
of
other
working
groups,
of
course,
to
just
kind
of
like
identify
what
would
be
the
top
level
items
so
that
the
other
working
groups
can
like
it
just
a
roadmaps
for
q2,
and
so
so
did
you
have
time
to
think
about
that
like
on
the
pipeline?
So.
B
I'm
need
to
speak
to
more
people
that
are
more
aware
of
the
like
levels
of
implementation
and
readiness
for
ipfs,
which
is
something
that
I
will
add
to
my
list
to
do
this
week
of
trying
to
gauge
like
given
these
things.
How
achievable
are
those
things
because
I'm
still
kind
of
in
the
weeds
a
little
bit
there
on
what
things
are
good?
What
things
are
bad
I
mean
the
heading.
B
The
tht
stuff,
big
working
with
the
NPM
registry,
will
be
a
really
good
kind
of
test
to
see
how
much
those
kinds
of
things
can
work
and
like
can.
We
then
get
other
people
to
connect
their
hosted
versions
of
those
of
that
registry,
or
you
know
the
similar
kind
of
bit
of
code
to
actually
all
start
working
together
and
being
told
about
new
versions
of
things
being
published,
but
as
it
connects
to
how
exactly
the
ipfs
roadmap
should
change.
I'm,
still
not
exactly
clear
on
that.
So
I
think
it's
more.
B
C
I
think
you're,
right
and
I,
don't
think
like.
We
are
expecting,
especially
that,
given
that
you
just
joined
the
project
and
in
like
this,
we
just
got
subscribe
hit
that,
like
you,
will
be
able
to
enroll
a
list
of
requirements
specifically
for
which
feature
goes
into
which
implementation,
but
but
but
like
it's,
that
list
of
requirements
from
the
package
management
slant
right.
How
often
are
the
publishes?
Where
is
the
size
of
the
datasets
like
what?
What
would
like
what,
for
example,
if
you
were
to
build
a
package
manager
today?
C
What
will
be
the
benchmarks
that
you
would
need
to
see
from
multiple
file
systems,
multiple
file
stores?
That
would
give
you
the
confidence
that,
like
it's
ready
to
store
all
of
your
packages
right
into
having
those
kind
of
like
tests,
benchmarks,
written,
say,
hey
if
ipfs
cannot
handle
like
five
terabytes
every
day,
moving
from
like
10
mirrors,
and
then
a
package
manager
such
as
I,
don't
know
company
name,
a
project
name
would
not
adopt
it
because
that's
what
they
are
doing.
C
Oh
I
can
then
create
a
DHT
providing
policy,
we're
only
the
see
IDs
of
the
package
itself
gets
published,
but
not
the
internal
Vox
of
the
package
so
now
I'm
able
to
optimize
like
the
publishing,
because
I
can
like
just
remove
all
these
other,
provides
from
each
block
and
all
the
intermediary
nodes
in.
Like
from
your
point
of
view,
you
don't
need
to
know
like
these
internal
details.
You
just
need
to
to
tell
the
group
like
the
requirements
and
when
I
say
you
I
can
actually
I
really
mean
us.
C
A
A
Exactly
you
know,
can
we
move
the
goalposts
slightly
but
like
we
have
to
be
able
to
say,
I
mean
we
have
to
know
under
what
conditions
it
is
as
fast
as
HTTP,
because
you
know
what
we
can't
do
is
turn
around.
So
I
have
have
the
maintainer
turn
around
to
their
users
and
go
hey
cool
you've
got
this
like
a
new
thing,
oh
by
the
way,
it's
gonna
take
three
times
from
stalled
everything
three
times
as
long.
You.
D
Gonna
be
its
the
progressive
jpg
of
what
are
the
asks
from
the
package
managers
working
group
like
today,
they're
going
to
be
pretty
high
level
and
a
bit
like
we
need
to
be
able
to
store
an
MP
Emsworth
packages
and
where
we
want
to
get
to
is
in
about
weeks,
have
something
a
lot
more
concrete.
There
are
other
people,
other
working
groups
can
use
to
drive
there
their
goals
for
next
quarter.
D
D
Yeah
just
that,
like
that,
it's
worth
making
sure
that
that
is
explicit
as
an
output
of
this
group
and
that
it's
a
priority
for
the
next
four
weeks.
I
would
say
like
and
to
say
that,
like
the
output
is
going
to
change
over
time-
and
it's
didn't
necessarily
going
to
be
super
vague
for
the
next
week
or
two
but
then
like
in
four
weeks.
We
need
it
to
be
something
that
can
start
being
ingested
by
other
working
groups.
D
A
So
the
the
tosser
andrew
has
in
his
next
section
for
contracting
the
package
maintainer
stooping
to
be
about
using
like
givers,
is
going
to
definitely
form
the
skeleton
of
that
document.
And
then
you
know
as
those
conversations
regress,
it
will
get
more
and
more
concrete
and
then
we'll
have
some
actual
tasks.
So.
B
Yeah
I
mean
what
you
might
find
is.
Some
of
them
are
just
like.
Unless
you
can
give
ways
that
we
can
delete
stuff,
then
it's
never
gonna
happen.
So
that's
a
nice
kind
of
fat
line
of
like
well.
We
have
to
have
a
good
story
about
how
stuff
needs
to
be
suggested
for
a
removal,
whether
on
that,
that
is
a
core
feature
of
ipfs
or
if
that
is
a
application-level
thing
that
still
needs
to
be
some
something
in
there
for.
C
Because,
like
then,
the
question
is
so
there's
a
way
to
do
it
right,
which
is
here's
a
list
of
things
that
you
should
not
resolve
right
like
or
you
should
not
replicate,
and
then
it's
at
the
user
right
in
the
same
way
that,
like
people,
can
go
online
and
find
like
pirated
content
and
nonno
it
like.
Then
it's
upon
the
user,
it's
on
some
company
enforcing
it.
C
So
we
do
have
the
strategy
to
do
that,
but
we
might
want
to
reword
what
we
call
that,
because
he's
like
denialists
or
block
lists
and
like
and
like
it
is
not
yeah
like
I
think
like
for
the
package
managers
that
are
like
a
better
language,
saying:
oh
the
maintainer,
the
lid
of
this,
for
your
convenience.
It's
not
that
the
ipfs
registries
accessor
in
your
view,
or
this
package
yeah.
So
if.
B
You
already
have
it
well
tonight,
but
yeah
Ito
behavior
of
these
things
is
gonna.
Have
such
a
big
impact
that
for
the
edge
case,
people
yeah-
that's
like
that,
doesn't
matter
so
much,
but
the
default
should
be
something
that
makes
sense
for
majority,
because
they're
not
going
to
break
outside
of
it.
D
C
B
C
Once
you
get
that,
then
you
solve
like,
for
example,
Yahoo's
use
case
where
they're
like
whitelist,
so
if
I
could
just
the
PIO
out
to
use
internally
and
so
similarly
the
thing
that,
like
yeah,
like
they're
the
construction
and
lets
you
remove
packages
from
registries,
also
the
one
I'd
like
a
neighbor
companies
to
be
very
happy,
which
is
also
the
one
that,
like
certain
countries,
we
said
that
rigid
rules
will
also
make
like
it'll
work
for
everyone,
depending
where
you
are.
Another
thing,
was
just
respect
without
like
extra
curls
to
make
it
work.
C
So
I
guess.
Second,
on
this
question,
my
other
question
wrote:
this
is
like
how
useful
in
like
the
answer
can
be.
This
is
totally
like
going
nowhere,
but
like
how
useful
is
the
spreadsheet
that
we
kind
of
like
try
to
structure
to
capture
this
information
like
what
are
the
things
that
this
package
managers
do
that,
then
we
need
to
listen
to
make
sure
that
we
can
fulfill
the
requirement
is.
B
Perché
is
not
good,
but
I
think
it
feels
like
there's
more
dimensions
than
fit,
naturally
in
a
spreadsheet,
but
I
think
the
approach
I'm
kind
of
imagining
taking
is
one
to
actually
speak
to
a
few
people
to
be
like
here
are
the
kind
of
like
the
questions
and
they
result
in
columns
I
guess
but
then
trying
to
like.
If
you
just
have
the
spreadsheet
and
you
try
and
compare
between
the
package
managers,
a
lot
of
those
columns
would
be
like
well.
B
That
would
work,
but
we
have
no
Buy
in
from
the
maintainer
z--
to
be
able
to
do
anything
so
trying
to
compare
and
sort
by
giving
columns
won't
necessarily
be
helpful.
It's
more
like
for
each
there's,
a
document
I
have
somewhere
that
is
kind
of
like
groups
of
registries
and
clients.
Together,
we
kind
of
want
to
have
a
story
or
a
some
kind
of
like
document
for
each
one
that
keeps
track
of
like
the
different
approaches
or
attempts
to
do
this
by
independent
people
beforehand.
B
The
conversations
we've
had
with
the
maintainer
z--
any
kind
of
already
like
stats,
that
we've
collected
so
that
when
you
come
to
look
at
one,
you
can
kind
of
then
go
like
here
is
the
current
story,
the
current
situation
and
what
we're
planning
to
do
about
it.
And
then,
when
then,
we
pull
out
like
a
high-level
here.
Are
the
the
groups
of
things
that
fit
with
this,
or
here
is
the
like?
B
D
I
think
you
already
spoke
about
this,
but
your
your
definition
of
clusterings
of
different
package
managers
is
worth
restating
that
so,
like
you've
currently
got
three
levels
of
like
centralized
repository
portable
repository
where
homebrew
style,
it's
bundled
and
then
like
meaningfully
pluggable
repository.
Think
I
can't
remember
the
last
one
was
birth,
yeah.
B
C
Well,
I
just
want
to
say
thank
you
first,
so
much
for
like
explaining
the
reason
and
reasoning
and
the
rationale.
I
can
see
your
point
and
I
agree
with
you
like.
Definitely
it's
very
hard
to
capture
all
this
information
in
this
regime
and
what
I
guess
I
would
say
it
might
be
a
good
experiment
to
do
that,
like
in
a
week's
time
as
you
progress
with
these
discussions
and
as
you
get
the
chance
to
write
down
like
also
your
knowledge
about
all
these
face,
to
create
like
small
artifacts.
C
I
now
know
which,
like
objectives,
which
milestones
I,
could
add
or
remove
from
my
map,
so
that,
like
you,
also
get
some
feedback
because
in
the
end
like
you
are
not
going
to
give
to
working
groups
like
you're
like
we
are
not
going
to
give
to
ten
working
groups.
Ten,
like
fifty
folders
of
that
cage
miners
information
for
them
to
induce
themselves.
So
I
said.
C
B
Bridge
three
types:
where
that
there
can
be
multiple
instances
of
a
registry
even
like
self-hosted
ones
and
then
the
clients
that
would
speak
to
them,
there's
not
many
clients
that
speak
to
different
like
more
than
one
kind
registry.
So
it's
fairly
easy
to
group
them
under
maven
is
a
beast
because
her
there's
many
like
public
popular
registries
and
then
there's
many
clients,
including
like
closure
and
other
like
multiple
programming
languages.
That
are
pointed
at
that.
B
B
Oh
I
also
think
we're
probably
gonna,
ignore
the
Sipan
for
the
moment,
just
because
no
one
is
written,
a
client
in
it,
but
through
then
this
sorts
kind
of
like
keep
building
up
this
story
of
what
all
of
the
different
and
if
requirements
are
for
each
different
package
manager
or
like
group
of
things
and
then
break
them
out
into
like
well.
Here's
the
high-level
summary
of
these
conversations.
We've
had
so
far
and
be
existing
implementations
that
we
know
of.