Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing

To: Gunnar Wolf <gwolf@debian.org>
Cc: Ian Jackson <ijackson@chiark.greenend.org.uk>, Simon McVittie <smcv@debian.org>, debian-devel@lists.debian.org
Subject: Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Thu, 5 Oct 2017 19:21:41 +0100
Message-id: <[🔎] 22998.30773.474335.493106@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20171005173942.ylgjvmvjbju6yb72@gwolf.org>
References: <[🔎] 20171003044027.juwpqoj75l4tlafk@gwolf.org> <150670584355.10563.10238760966760741232.reportbug@zam581.zam.kfa-juelich.de> <[🔎] 85d3c42b-858f-2221-3fa3-326fb51e822a@onenetbeyond.org> <[🔎] 20171003173448.rqv427pr3ag7i45z@gwolf.org> <[🔎] CAJxTCxwAdZn9HxvdGgKcn-5TetD6YYrLgodHKF=DtsSVHVdmXg@mail.gmail.com> <[🔎] 87efqjbmgc.fsf@iris.silentflame.com> <[🔎] 87lgkrfgvy.fsf@whist.hands.com> <[🔎] 2478f9ec-71e1-1393-36b5-147c9dd8bfcf@onenetbeyond.org> <[🔎] 20171004125835.zxy22zkgjv6k5mbp@perpetual.pseudorandom.co.uk> <[🔎] 22998.9628.883411.733973@chiark.greenend.org.uk> <[🔎] 20171005173942.ylgjvmvjbju6yb72@gwolf.org>

Gunnar Wolf writes ("Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing"):
> Ian Jackson dijo [Thu, Oct 05, 2017 at 01:29:16PM +0100]:
> > I think that both of these activities are reasonable things to do.
> > They don't violate the self-containedness of Debian.  If they are
> > technically forbidden by policy then policy should be changed.  There
> > should be an exception saying that a package build may access the
> > Debian archive (and ideally it should specify how this should be
> > done.)  If someone cares enough to document this situation then they
> > can file the bug against policy.
> > 
> > Of course it would be better if we had a more declarative way of
> > saying "this package needs foo.deb to build - and we mean the .deb,
> > not for foo to be installed", and the corresponding "this package
> > needs the source code for bar".  But this is rather a niche, and it
> > doesn't seem to cause trouble in practice.  So AFAICT it's no-one
> > priority.
> 
> UGH.
> 
> I am not convinced this use case should be supported - Even if the
> software providers are ourselves, which we trust not to trojan our own
> goodies, this still allows for a great deal of nondeterminism. If the
> "apt-get source"d package is updated, the build might not work anymore
> or might yield different results.

The source packages used should be tracked, and controlled, so that
the build can be reproduced.  Actually doing that is probably a todo
list item but it seems essential to me.

I think there are already packages that do this.  And (as discussed)
d-i does the same with .debs.  We can use the same mechanism.

The point is not that Debian is a magical source of goodness here.  It
is that _the place where the build-deps are being satisfied_ is a
magical place of goodness.  It's just that our ways to handle
build-time-computed build-deps on uninstalled binaries, or on sources,
are not particularly mature.

Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply to:

References:
- Re: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
  - From: Gunnar Wolf <gwolf@debian.org>
- Re: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
  - From: Pirate Praveen <praveen@onenetbeyond.org>
- Re: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
  - From: Gunnar Wolf <gwolf@debian.org>
- Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
  - From: Jérémy Lal <kapouer@melix.org>
- Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
  - From: Philip Hands <phil@hands.com>
- Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
  - From: Pirate Praveen <praveen@onenetbeyond.org>
- Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
  - From: Simon McVittie <smcv@debian.org>
- Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
  - From: Gunnar Wolf <gwolf@debian.org>

Prev by Date: Re: Removal of upstart integration
Next by Date: Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
Previous by thread: Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
Next by thread: Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing
Index(es):
- Date
- Thread