Bundle newrelic, similar to the java buildpack? about nodejs-buildpack HOT 7 CLOSED

We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/114424769.

from nodejs-buildpack.

Hey @TuckerWhitehouse we like the idea of giving users the ability to deploy an app and have it "automagically" connect to the newrelic service, however aren't keen on the idea that the binary exists in the buildpack. Here's an outline of some challenges:

Licensing

In order to support a 3rd party vendor with a redistribution license that is incompatible with Cloud Foundry’s needs:
A legal process would need to take place to remedy the licensing incompatibility.
In the case where a vendor refuses to modify their licensing:

• The vendor could fork the buildpack, and add their binary blob. This creates new challenges listed under “Forking”
• The creation of a new, private buildpack supported by a Cloud Foundry Certified Provider would take place to support the vendor’s application and licensing.

Security

• Currently, the Cloud Foundry buildpack team is responsible for responding to security vulnerabilities. If a vendor binary is added to a buildpack the responsibility then falls on the vendor. If the vendor lags in supplying a new binary, it could leave applications utilizing the buildpack vulnerable.

Forking

• When a buildpack is forked the responsibility of maintaining the buildpack and its dependencies falls upon the project forker. If a buildpack is not kept up-to-date it can contain unpatched security flaws.

We're currently researching a solution that would still enable the user the magic the java buildpack provides, but without having the binary in the buildpack.

from nodejs-buildpack.

I'm sorry, but haven't these issues already been resolved in respect to the java buildpack, or is the licensing and security somehow different when it applies to node?

from nodejs-buildpack.

Hey @TuckerWhitehouse we've discussed this issue and are considering this request

from nodejs-buildpack.

Any news to share on this?

from nodejs-buildpack.

@aloismayr thanks for reaching out, no news as of yet.

from nodejs-buildpack.

We would be open to receiving a pull request from the team at New Relic or from the community. At this point we do not have any plans on performing this line of work ourselves.

from nodejs-buildpack.