Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
Ian Jackson dijo [Thu, Oct 05, 2017 at 01:29:16PM +0100]:
> I have also heard of packages which do "apt-get source" in their rules
> files.
>
> I think that both of these activities are reasonable things to do.
> They don't violate the self-containedness of Debian. If they are
> technically forbidden by policy then policy should be changed. There
> should be an exception saying that a package build may access the
> Debian archive (and ideally it should specify how this should be
> done.) If someone cares enough to document this situation then they
> can file the bug against policy.
>
> Of course it would be better if we had a more declarative way of
> saying "this package needs foo.deb to build - and we mean the .deb,
> not for foo to be installed", and the corresponding "this package
> needs the source code for bar". But this is rather a niche, and it
> doesn't seem to cause trouble in practice. So AFAICT it's no-one
> priority.
UGH.
I am not convinced this use case should be supported - Even if the
software providers are ourselves, which we trust not to trojan our own
goodies, this still allows for a great deal of nondeterminism. If the
"apt-get source"d package is updated, the build might not work anymore
or might yield different results.
Reply to: