[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "Browserified" stuff

On Sat, Oct 08, 2016 at 10:45:08PM +0200, Joerg Jaspert wrote:
> we had a discussion inside the FTP Team about the "browserified js"
> issue. We understand that "browserified" refers to various changes to
> the original source, from concatenating multiple (local and remotely
> fetched) files together, arbitary transformations (down to something
> akin to compilation), minifying and others. Not all "browserification"
> may necessarily use all of those ways.
> - We acknowledge that it appears to be a big task to provide a proper
>   "browserification" environment within Debian. Due to the freeze coming
>   up we would understand the Release Team granting an RC exception for
>   stretch for such non-sources already in main, with the condition that
>   this will not extend to another release.

Could you please suggest some stick to ensure that the condition you mention
is actually enforced?  I've got an impression that once a RC exception is
granted, it stays forever, renewed around every freeze.

Another issue is, as mentioned in the TC discussion, the inability to fix
any non-trivial security bugs in stable.  I can't quite imagine the Security
Team hunting for a specific old version of grunt and all of its extensive
dependencies to rebuild the buggy package.  Such state hits the definition
of "contrib" exactly, why not actually use it for this purpose?  Demotion of
libjs-handlebars would require changing or demoting two more packages:
prometheus and kcov, which would be a hassle but not the end of the world.

A MAP07 (Dead Simple) raspberry tincture recipe: 0.5l 95% alcohol, 1kg
raspberries, 0.4kg sugar; put into a big jar for 1 month.  Filter out and
throw away the fruits (can dump them into a cake, etc), let the drink age
at least 3-6 months.

Reply to: