[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Non-source Javascript files in upstream source

Wouter Verhelst <wouter@debian.org> writes:

> Op vrijdag 2 mei 2014 15:58:37 schreef Paul Tagliamonte:
> > If you were to 'update' the image, how would you do it? What things
> > would you need? Include that. Think about what you'd need when you
> > fork the project.
>
> Does that mean I should include "wget"?

I'm sure you know this, and I am having difficulty interpreting your
question in good faith. But in case you actually don't know:

Paul is referring, by “what things do you need?”, not to tools used, but
to the *form of the work* for making modifications to it. Clearly the
“wget” program is not a form of any work except the “wget” program.

As an aside to Paul: This is a prime example why a clear definition of
“source” in terms of the “form of the work” is needed: you need to be
clear you're talking about a specific *form of the work*; in particular,
the preferred form of the work for making modifications to it.

> Most minified externally-produced javascript files are just downloaded 
> verbatim off the web.

How can we verify which ones are verbatim copies, automatically for
every release of the source package? If we don't verify, we can't assert
with confidence that some particular minified file actually matches, in
every detail of behaviour, a version for which we distribute source.

> I agree with the sentiment that we should provide source "in Debian"
> for everything that's actually useful for our users.

Do you agree that nobody except the recipient gets to decide what they
find useful?

Or would you arrogate to the Debian project the power to deny the fact
that a recipient may find a Debian source package useful in itself?

> If a dependency and a symlink exists, however, it's clear that the
> maintainer meant to say "source is over there".

The maintainer may intend that to be true. Without independent automated
verification, we are merely guessing and hoping. How can we verify
independently that no such assertion is false? I've described a means
that is certain and simple: discard the non-source form from the source
package.

-- 
 \          “Instead of a trap door, what about a trap window? The guy |
  `\      looks out it, and if he leans too far, he falls out. Wait. I |
_o__)                guess that's like a regular window.” —Jack Handey |
Ben Finney
Reply to: