
Re: Non-source Javascript files in upstream source



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 05/07/2014 11:06 AM, Wouter Verhelst wrote:

> I submit that in the case of minified javascript libraries that are
> *already available* in Debian, and that are symlinked (in the way as
> described before) but ship in a source tarball as convenience copies
> *which are not used*, they can.
> 
> It is easy to verify whether such minified javascript libraries are
> used: if the binary package does not ship with them, they are not
> used, even if they are in the source package.

One difficulty with this is that it is (potentially) confusing to the
end user.

Specifically, it violates my (pre-this-thread) expectation of what it is
that I get from 'apt-get source'. Prior to reading this thread, it would
never have occurred to me to think that something obtained that way
might not be actually part of the source (or source-documentation, et
cetera) of the binary package; I would have looked at the source, seen
the minified JS file, and expected that it would be used during the
build or in the final "binary". If I needed to modify it, or to trace
code flow through it for debugging purposes, I could have spent a fair
amount of time and effort unnecessarily. I don't think I'm likely to be
alone in this.

I think this is akin to the question of embedded copies of
separately-packaged libraries; I would have been similarly though not
identically misled by the presence of the source of such a library in
the 'apt-get source' result of a non-library package. I believe I've
seen discussions of whether to strip out such code copies here in the
past, though I don't recall what the outcomes may have been.

At minimum, I would think that all such "included but not used" code
should be explicitly documented somewhere (preferably somewhere
relatively visible) in the source package, listing all files - or, when
applicable, directories - which should be ignored because the package
build uses external ones.

- --
   The Wanderer

Secrecy is the beginning of tyranny.

A government exists to serve its citizens, not to control them.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----

