Re: "Browserified" stuff

To: Adam Borowski <kilobyte@angband.pl>
Cc: debian-devel@lists.debian.org
Subject: Re: "Browserified" stuff
From: Joerg Jaspert <joerg@debian.org>
Date: Mon, 10 Oct 2016 21:36:57 +0200
Message-id: <[🔎] 87bmys0zdy.fsf@gkar.ganneff.de>
Mail-followup-to: Adam Borowski <kilobyte@angband.pl>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20161009215612.GA24728@angband.pl> (Adam Borowski's message of "Sun, 9 Oct 2016 23:56:12 +0200")
References: <[🔎] 87d1jblx6y.fsf@gkar.ganneff.de> <[🔎] 20161009215612.GA24728@angband.pl>

On 14455 March 1977, Adam Borowski wrote:
> On Sat, Oct 08, 2016 at 10:45:08PM +0200, Joerg Jaspert wrote:
>> we had a discussion inside the FTP Team about the "browserified js"
>> issue. We understand that "browserified" refers to various changes to
>> the original source, from concatenating multiple (local and remotely
>> fetched) files together, arbitary transformations (down to something
>> akin to compilation), minifying and others. Not all "browserification"
>> may necessarily use all of those ways.
> [...]
>> - We acknowledge that it appears to be a big task to provide a proper
>>   "browserification" environment within Debian. Due to the freeze coming
>>   up we would understand the Release Team granting an RC exception for
>>   stretch for such non-sources already in main, with the condition that
>>   this will not extend to another release.
> Could you please suggest some stick to ensure that the condition you mention
> is actually enforced?  I've got an impression that once a RC exception is
> granted, it stays forever, renewed around every freeze.

First of they have to grant it. I have no idea if they do or not, not
having asked them at all.
Second - the enforcing will have to come from us ftpmasters - by
removing the packages at some point, if they don't get fixed.

> Another issue is, as mentioned in the TC discussion, the inability to fix
> any non-trivial security bugs in stable.  I can't quite imagine the Security
> Team hunting for a specific old version of grunt and all of its extensive
> dependencies to rebuild the buggy package.  Such state hits the definition
> of "contrib" exactly, why not actually use it for this purpose?  Demotion of
> libjs-handlebars would require changing or demoting two more packages:
> prometheus and kcov, which would be a hassle but not the end of the world.

I would understand the security team to define them as "not supported
(unless the maintainer does all the work)", and yes, contrib is IMO the
way better place for them.

-- 
bye, Joerg
<_DeadBull_> ohne speicher, tastatur, mouse, pladde, monitor, also nur die
	Hardware...

Reply to:

References:
- "Browserified" stuff
  - From: Joerg Jaspert <joerg@debian.org>
- Re: "Browserified" stuff
  - From: Adam Borowski <kilobyte@angband.pl>

Prev by Date: Re: problem with libc6 / iconv
Next by Date: Re: "Browserified" stuff
Previous by thread: Re: "Browserified" stuff
Next by thread: problem with libc6 / iconv
Index(es):
- Date
- Thread