Re: Bug#839570: Browserified javascript and DFSG 2 (reopening)
On Thu, Oct 06, 2016 at 02:23:37PM +0200, Didier 'OdyX' Raboud wrote:
>...
> All of the above are imperfections (yes, bugs) in how src:firefox handles its
> internal sqlite3.c code copy. In an ideal world:
>
> * src:sqlite3 would provide sqlite3.c in a binary package (sqlite3-static ?)
> * src:firefox would build-depend against that package, and get rebuilt on
> sqlite3 security uploads
> * firefox would use Built-Using pointing at the correct version of src:sqlite3
The reality in unstable is already even better than your ideal world:
Firefox does already use the shared SQLite library in unstable.
For unstable you could just remove the file from the sources
(and for most other affected packages that would just fix it).
The main problem is that the security team has given up patching
Firefox years ago, and just ships the latest ESR.
SQLite in stable and oldstable is too old for recent Firefox,
and therefore the amalgamation is used in security updates.
>...
> As a conclusion, my point is we aren't talking about the same thing:
>
> * On the src:sqlite3 (in src:firefox) side, we have a giant C file, merely a
> concatenation of source files in Debian, using a script available in Debian,
> all of which is free software.
>
> * On the bug that triggered this discussion (#817092 in libjs-handlebars), we
> have the "browserified" handlebars-v1.3.0.js [2] which a "transformation" of
> source files not in Debian, using tools not in Debian.
No non-amalgamation sources for the exact SQLite version used by Firefox
in jessie are in jessie.
At that point the two cases have strong similarities.[1]
> As was pointed by Phil in [3], although the result is JavaScript code, the
> transformation is more than "just" concatenation. The original source files are
> not available in Debian, and the tools aren't either.
As has already been pointed out, there are several issues mixed in the
"browserified javascript" discussion.
This is a package with several issues, not a generic example.
Does the TC want to be constructive or not?
The TC seeme to have doubts whether or not the constitution allows the
TC to override decisions by the FTP team on DFSG issues.
According to the constitution, the secretary has the power
of interpreting the constitution.
Has the TC already asked the secretary?
If not, why not?
If it would turn out that there is nothing short of a GR to override a
decision of the FTP team on DFSG issues, I would expect the TC to state
explicitely to Pirate Praveen that his only option is a GR.
In any case, and clearly within what the TC could do, it would be
constructive if the TC could become active itself with gathering
a good understanding of the whole problem.
No matter whether this gets resolved by FTP team, TC or GR, the biggest
obstacle currently is that noone has a proper understanding of the whole
problem.
> Cheers,
> OdyX
cu
Adrian
[1] there could be significant differences somewhere, but my current
impression is that the SQLite amalgamation might actually be more
problematic than the basic browserified javascript case
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
Reply to: