Comments (7)
We have created an issue in Pivotal Tracker to manage this. You can view the current status of your issue at: https://www.pivotaltracker.com/story/show/114424769.
from nodejs-buildpack.
Hey @TuckerWhitehouse we like the idea of giving users the ability to deploy an app and have it "automagically" connect to the newrelic service, however aren't keen on the idea that the binary exists in the buildpack. Here's an outline of some challenges:
Licensing
In order to support a 3rd party vendor with a redistribution license that is incompatible with Cloud Foundry’s needs:
A legal process would need to take place to remedy the licensing incompatibility.
In the case where a vendor refuses to modify their licensing:
- The vendor could fork the buildpack, and add their binary blob. This creates new challenges listed under “Forking”
- The creation of a new, private buildpack supported by a Cloud Foundry Certified Provider would take place to support the vendor’s application and licensing.
Security
- Currently, the Cloud Foundry buildpack team is responsible for responding to security vulnerabilities. If a vendor binary is added to a buildpack the responsibility then falls on the vendor. If the vendor lags in supplying a new binary, it could leave applications utilizing the buildpack vulnerable.
Forking
- When a buildpack is forked the responsibility of maintaining the buildpack and its dependencies falls upon the project forker. If a buildpack is not kept up-to-date it can contain unpatched security flaws.
We're currently researching a solution that would still enable the user the magic the java buildpack provides, but without having the binary in the buildpack.
from nodejs-buildpack.
I'm sorry, but haven't these issues already been resolved in respect to the java buildpack, or is the licensing and security somehow different when it applies to node?
from nodejs-buildpack.
Hey @TuckerWhitehouse we've discussed this issue and are considering this request
from nodejs-buildpack.
Any news to share on this?
from nodejs-buildpack.
@aloismayr thanks for reaching out, no news as of yet.
from nodejs-buildpack.
We would be open to receiving a pull request from the team at New Relic or from the community. At this point we do not have any plans on performing this line of work ourselves.
from nodejs-buildpack.
Related Issues (20)
- Weird no space left error when pushing nextjs app HOT 1
- nodejs_buildpack-v1_8_14 errors
- Deployment of native binary and node addon fails HOT 1
- Release: nodejs-buildpack (Nov) HOT 3
- Please keep nodejs 18.18.0 until bug in nodejs >= 18.18.2 is fixed (50263) HOT 1
- Go is downloaded multiple times HOT 2
- Release: nodejs-buildpack (Dec) HOT 1
- BOSH configured custom trusted certificate support
- Build pack fails on installing any new modules HOT 1
- Need a nginx buildpack with "stream_ssl_module" enabled
- Release: nodejs-buildpack (Jan) HOT 1
- Release: nodejs-buildpack (Feb) HOT 1
- Release: nodejs-buildpack (02-29) HOT 1
- Release: nodejs-buildpack (Mar)
- Release: nodejs-buildpack (03-14) HOT 1
- Release: nodejs-buildpack (03-28) HOT 1
- Release: nodejs-buildpack (04-11) HOT 1
- Release: nodejs-buildpack (04-25) HOT 1
- Release: nodejs-buildpack (05-30) HOT 1
- Bun support
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nodejs-buildpack.