Re: How to deal with "assets" packages shadowing real upstream

To: debian-devel@lists.debian.org
Subject: Re: How to deal with "assets" packages shadowing real upstream
From: Pirate Praveen <praveen@onenetbeyond.org>
Date: Mon, 7 Mar 2016 17:55:19 +0530
Message-id: <[🔎] 56DD732F.1010803@onenetbeyond.org>
In-reply-to: <[🔎] 145734654491.5294.16408166868171568660@auryn.jones.dk>
References: <145651316966.24887.17820985410203863222@auryn.jones.dk> <[🔎] 56DD4983.9060404@onenetbeyond.org> <[🔎] 145734654491.5294.16408166868171568660@auryn.jones.dk>

On Monday 07 March 2016 03:59 PM, Jonas Smedegaard wrote:
> Thanks for your clarifications - they seem to confirm that you were, 
> and still intend to be, pragmatic - e.g. track the real upstream only 
> when strongly encouraged to do so.
> 

I don't think there is much benefit to enforce this rule for every case
than increase the burden of maintaining already challenging rails packages.

There is neither duplication of code, nor bit rot here. The js code is
separated as its own package and the its corresponding rubygem is
regularly updated.

In case of rails-assets-* gems, they are auto-generated from their bower
packages and the security concern would be only about rails-assets.org
service.

In case of diaspora, the rails-assets-* (there are more wrapper packages
than this) packages it needs are,

ruby-rails-assets-diaspora-jsxc (>= 0.1.4~),
 ruby-rails-assets-jquery-colorbox (>= 1.6.3~),
 ruby-rails-assets-favico.js (>= 0.3.9~dfsg-2~),
 ruby-rails-assets-jquery-fullscreen-plugin,
 ruby-rails-assets-jquery,
 ruby-rails-assets-markdown-it (>= 5.0.2~),
 ruby-rails-assets-markdown-it-hashtag (>= 0.4.0~),
 ruby-rails-assets-markdown-it-diaspora-mention (>= 0.4.0~),
 ruby-rails-assets-markdown-it-sanitizer (>= 0.4.1~),
 ruby-rails-assets-markdown-it--markdown-it-for-inline,
 ruby-rails-assets-markdown-it-sub,
 ruby-rails-assets-markdown-it-sup,
 ruby-rails-assets-highlightjs (>= 8.9.1~),
 ruby-rails-assets-jeresig-jquery.hotkeys (>= 0.2.0-3~),
 ruby-rails-assets-jquery-idletimer,
 ruby-rails-assets-jquery-placeholder (>= 2.1.3~),
 ruby-rails-assets-jquery-textchange,
 ruby-rails-assets-perfect-scrollbar (>= 0.6.7~),
 ruby-rails-assets-perfect-scrollbar (<< 0.7),
 ruby-rails-assets-jakobmattsson-jquery-elastic,

Out of the 20 packages listed here, 9 of the corresponding js packages
have only the ruby-rails-assets as reverse dependencies.
ruby-rails-assets-jquery-colorbox some and ruby-rails-assets-jquery has
many reverse dependencies. Others are likely to be used by diaspora only.

If someone volunteers to package original upstream, I'd be happy to use
them instead.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to:

References:
- Re: How to deal with "assets" packages shadowing real upstream
  - From: Pirate Praveen <praveen@onenetbeyond.org>
- Re: How to deal with "assets" packages shadowing real upstream
  - From: Jonas Smedegaard <dr@jones.dk>

Prev by Date: Bug#817028: RFP: dolphin -- [SHORT DESCRIPTION]
Next by Date: Re: How to deal with "assets" packages shadowing real upstream
Previous by thread: Re: How to deal with "assets" packages shadowing real upstream
Next by thread: Re: How to deal with "assets" packages shadowing real upstream
Index(es):
- Date
- Thread