[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#877212: [Pkg-javascript-devel] Bug#877212: node-d3-color: B-D npm not available in testing

On Thu, 05 Oct 2017 12:39:42 -0500, Gunnar Wolf wrote:

> Ian Jackson dijo [Thu, Oct 05, 2017 at 01:29:16PM +0100]:
> > I have also heard of packages which do "apt-get source" in their rules
> > files.
> > Of course it would be better if we had a more declarative way of
> > saying "this package needs foo.deb to build - and we mean the .deb,
> > not for foo to be installed", and the corresponding "this package
> > needs the source code for bar".  But this is rather a niche, and it
> > doesn't seem to cause trouble in practice.  So AFAICT it's no-one
> > priority.
> UGH.
> I am not convinced this use case should be supported - Even if the
> software providers are ourselves, which we trust not to trojan our own
> goodies, this still allows for a great deal of nondeterminism. If the
> "apt-get source"d package is updated, the build might not work anymore
> or might yield different results. 

True but this is the same as when a package in Build-Depends(-Indep)

In practice I've had the case where an unpacked .deb (instead of an
installed one) would have been enough, and I also have a use case for
a source package: libdatetime-timezone-perl could be binNMUd [0]
against newer versions of the tzdata source package instead of
someone manually doing the dance of downloading the tzdata upstream
tarballing, turning it into .pm files and creating a huge quilt


[0] if we had binNMUs for arch:all packages

 .''`.  https://info.comodo.priv.at/ - Debian Developer https://www.debian.org
 : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D  85FA BB3A 6801 8649 AA06
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Willi Resetarits + Stubnblues: de w

Attachment: signature.asc
Description: Digital Signature

Reply to: