|Title||Archiving edX GitHub Repositories|
|Author||Christina Roberts <firstname.lastname@example.org> Feanil Patel <email@example.com>|
|Arbiter||Nimisha Asthagiri <firstname.lastname@example.org>|
|References||ORA PR Discussion, Initial Archiving Discussions|
The edx organization contains a large number of repositories, most of which are active and maintained, but some of which are now obsolete. To clarify the status of repositories, a process for archiving a repository is defined below.
Recently openedx.yaml files were added to edX repositories per OEP-2. In the course of deciding owners for those repositories, there was an ORA PR Discussion about how best to handle deprecated or obsolete repositories. In particular, do obsolete repositories need owners, and how can repositories be clearly marked as present for archive purposes only?
This discussion resurfaced related to edX’s usage of Gemnasium to report the usage of third-party libraries that have known security issues. All repositories under the edX organization were being monitored, but this added noise when trying to understand the number of third-party library updates required for actively maintained repositories.
When a repository under the edx organization will no longer be maintained because it is no longer in use, the following steps should be followed.
First, if the repository is public, and a part of Open edX releases, follow these steps to see if anyone would like to take ownership of it:
openedx-releasekey if it is present.
[ARCHIVED]and for the repository to be archived per GitHub’s archive process
Include this statement in the README.rst file:
This repository has been archived and is no longer supported—use it at your own risk. This repository may depend on out-of-date libraries with security issues, and security updates will not be provided. Pull requests against this repository will also not be merged.
If the repository is a fork of an upstream repository that is not within the edX organization, and will no longer be maintained, it can be transferred to the edx-unsupported organization.
The reason we transfer forks, but archive our original code, is so that GitHub searches will still find code we authored. We don’t delete the forks because they are still needed by older unsupported Open edX installations.
The proposed process leverages the already-existing
archived flag in
openedx.yaml. It does not require introducing a new organization that is
maintained by edX, and the source code remains easily visible and searchable
(see Rejected Alternatives).
This proposal does not introduce any backward compatibility issues.
There are a couple variations of this proposal that were originally discussed in Initial Archiving Discussions. Many of the steps of updating documentation and notifying the open source community are essentially the same; the major differences from the proposed process are outlined below.
Transfer the obsolete repository to a new organization: edx-archived.
We now use the edx-unsupported organization for forks that we no longer maintain.
Move the code from the master branch to an archived branch, while leaving the repository itself within edx organization.