[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing

On ചൊവ്വ 03 ഒക്ടോബര്‍ 2017 10:10 രാവിലെ, Gunnar Wolf wrote:
> I am completely with Sean here; I read the following messages, and am
> happy a better resolution was found. But, FWIW, I'll support Sean's
> interpretation - Contrib and non-free are *not* places where we can
> happily breach any bits of policy; they are exclusively for things
> that cannot be shipped in Debian Main due to their DFSG status.

I cannot accept arbitrary interpretations of policy. When build tools
are not available in main, they cannot go to main, and if the software
itself is Free Software, it can go to contrib. If you disagree, please
get the policy clarified. As per the current policy, these packages
clearly qualified for contrib and these were already accepted by ftp
masters into the archive. You could go to CTTE and challenge the
decision of ftp masters.

Alternatively, those who care enough about the issue can help get these
tools into main. I have been doing just that over the last years (grunt,
gulp, babel, jison, webpack to name a few, each with 100s of
dependencies) so many of the packages currently in main could go there.
Since the tools are just so many and the people packaging them are
handful, it will take quite a while for all these tools to be in main
and I'm going to continue using contrib for these packages until that time.

You can also check the record of people who are most vocal over the
issue (not just in this thread, but in earlier discussions about
handlebars/dfsg/browserify) and compare who is helping fix the issue and
who is just talking.

> And, yes, network access during a build... Is a clear no-go. Specially
> if as a project we are committed to this so neat Reproducible Builds
> thingy that has made so many among us proud to be part a project where
> an ages-long problem is finally being tackled - And quite
> successfully, even!

I thought building these things (making sure the source corresponds to
the distributed binaries), though using tools outside archive, was
preferred over shipping pre-built binaries. But it seems shipping
pre-built binaries are preferred. It looks to me like a misplaced
compromise, but I will follow this advice and ship pre-built binaries
next time without building them using npm.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: