|Title||Archiving edX Github Repositories|
|Author||Christina Roberts, email@example.com|
|Arbiter||Eddie Fagin, firstname.lastname@example.org|
|References||ORA PR Discussion, Initial Archiving Discussions|
The edx organization contains a large number of repositories, most of which are active and maintained, but some of which are now obsolete. To clarify the status of repositories, a process for archiving a repository is defined below.
Recently openedx.yaml files were added to edX repositories per OEP-2. In the course of deciding owners for those repositories, there was an ORA PR Discussion about how best to handle deprecated or obsolete repositories; in particular, do obsolete repositories need owners, and how can repositories be clearly marked as present for archive purposes only?
This discussion resurfaced related to edX’s usage of Gemnasium to report the usage of third-party libraries that have known security issues. All repositories under the edX organization were being monitored, but this added noise when trying to understand the number of third-party library updates required for actively maintained repositories.
When a repository under the edx organization will no longer be maintained because it is no longer in use, the following steps should be followed.
First, if the repository is public, follow these steps to see if anyone would like to take ownership of it:
archived: Trueto openedx.yaml (creating the file if necessary). Note that it is not necessary for the openedx.yaml file to define an owner when archived is set to True.
In the future, the step of changing the monitored status of a repository in
Gemnasium could be automated using Gemansium APIs and keying off of the
archived value in openedx.yaml.
Include this statement in the README.rst file:
This repository has been archived and is no longer supported—use it at your own risk. This repository may depend on out-of-date libraries with security issues, and security updates will not be provided. Pull requests against this repository will also not be merged.
If the repository is a fork of an upstream repository that is not within the edX organization, and will no longer be maintained, it can be deleted with the following steps.
The proposed process leverages the already-existing
archived flag in
openedx.yaml. It does not require introducing a new organization that is
maintained by edX, and the source code remains easily visible and searchable
(see Rejected Alternatives).
This proposal does not introduce any backward compatibility issues.
There are a couple variations of this proposal that were originally discussed in Initial Archiving Discussions. Many of the steps of updating documentation and notifying the open source community are essentially the same; the major differences from the proposed process are outlined below.
Transfer the obsolete repository to a new organization: edx-archived.
Move the code from the master branch to an archived branch, while leaving the repository itself within edx organization.