
Re: Security concerns with minified javascript code



Vincent Bernat <bernat@debian.org> writes:

>  ❦ 25 August 2015 22:46 +0100, Steve McIntyre <steve@einval.com> :
>
>>>Notably, one of the tool is Grunt and its myriad of plugins. Even if
>>>Grunt was in Debian, we would also need Gulp, then Broccoli, because in
>>>Javascript, there is always someone thinking that it should be possible
>>>to do better. We need to leave the Javascript ecosystem mature a bit
>>>more but in the meantime, a bit of tolerance would be appreciated for
>>>some of us needing to package some javascript bits.
>>
>> Why should we be tolerating setups where it's not clear that we can
>> reproduce what's being shipped?
>
> We have done that for years for autoconf stuff.

I believe that has proven many times to be a terrible idea, and it still
causes frustration and may cause security problems when the generated
code contains a bug (recall the automake chmod bug?).  Many packages now
use dh --with autoreconf as a result.

I don't think using the autoconf mess in Debian is a good excuse to make
the same mistake with JavaScript.

/Simon
