Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing

Ian Jackson said [Thu, Oct 05, 2017 at 01:29:16PM +0100]:
> I have also heard of packages which do "apt-get source" in their rules
> files.
> I think that both of these activities are reasonable things to do.
> They don't violate the self-containedness of Debian.  If they are
> technically forbidden by policy then policy should be changed.  There
> should be an exception saying that a package build may access the
> Debian archive (and ideally it should specify how this should be
> done.)  If someone cares enough to document this situation then they
> can file the bug against policy.
> Of course it would be better if we had a more declarative way of
> saying "this package needs foo.deb to build - and we mean the .deb,
> not for foo to be installed", and the corresponding "this package
> needs the source code for bar".  But this is rather a niche, and it
> doesn't seem to cause trouble in practice.  So AFAICT it's no-one's
> priority.


I am not convinced this use case should be supported - even if the
software providers are ourselves, whom we trust not to trojan our own
goodies, this still allows for a great deal of nondeterminism. If the
"apt-get source"d package is updated, the build might not work anymore
or might yield different results.

