Re: Security concerns with minified javascript code



Vincent Bernat <bernat@debian.org> writes:

> 28 août 2015 01:46 GMT, Bas Wijnen <wijnen@debian.org> :
>
>> Or alternatively, by packaging the minifier that is being used with the package
>> that needs it.  Yes, that's a horrible idea with lots of code duplication, but
>> if I understand the problem, every JS file must be minified with the exact
>> version of the minifier that upstream used, so then every package would have
>> its own unique package that it depends on, and in that case they can just be
>> merged.  But it can't really be that bad, right?
>
> Here is the dependency graph of jQuery (only to build it!):
>
> jquery@3.0.0-pre /home/bernat/src/jquery
[ very long list ]
> ├─┬ grunt-contrib-jshint@0.11.2
...
> │ └─┬ jshint@2.8.0
        ^^^^^^^^^^^^

I don't know much about this, but I do know that that is a version that
contains code licensed under the "Do No Evil" license of JSLint:

  https://github.com/jshint/jshint/blob/e6611af2d180bd2317d5762e85807a481de99ccb/src/jshint.js#L19

Of course, there is an effort to address this problem, and I've seen
claims that there's a way of getting the same code without that clause
via apache, but that version is not it.

Also of course, JSHint is almost certainly not really needed to package
this stuff, so your dependency graph includes optional bits that make
things look much worse than they probably are.

Until some effort is put into taming this beast we'll never know how
unmanageable this really is.  If you're right, and it is impossible,
then who knows what other licensing wrinkles are hiding in this mess.

You seem to be advocating sweeping this under the carpet, but by doing
that you're advocating relying on non-DFSG, unpackaged tools for
building main.

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/    http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY

Attachment: signature.asc
Description: PGP signature