[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Lots and lots of tiny node.js packages

I see that a similarly large number of smallish libraries are getting
packaged for golang.  When I first looked into it, and maybe it's
still the case, these were only to allow other Debian packages written
in Go to be compiled; developers were still encouraged to use the Go
package ecosystem ("go get ...").  And whenever I've built node
programs, I also just use "npm install ..." rather than looking for a
Debian package.

If that's the primary use case, then perhaps there could be a simpler
way to deal with the dependencies of node and Go projects than
packaging each of them for a mostly nonexistent developer audience.
We could just make snapshots of the versions (obtained via "go get" or
"npm install") used to build the end-user packages, for
auditing/security/reproducibility purposes. These could be stored in a
well-defined place in the Debian archives, without "exporting" them
via .deb files, Packages entries, etc.

Eric Cooper             e c c @ c m u . e d u

Reply to: