[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: What can Debian do to provide complex applications to its users?

> What do you think? Do you have other ideas? Are there other persons
> who are annoyed by the current situation?
Yes, indeed. I am more a simple user of Debian than a real Debian
Developer, but my feeling is paradoxical.
On one hand, I'd love to see some complex application in Debian, or at
least most of its dependencies.
On the other hand, I can only be angry against people than only release
minified source. The usual answer to this is "performance" or "everyone
does this". The debate has been opened for a long time, but a
minification operation is somewhat like a compilation: it is hard to get
the human readable form from it.
So I'd vote "no" to relax, even if some application are taken out.

As an example, there is this grafana issue on
https://github.com/grafana/grafana/issues/5046. The usual answer:
>  torkelo commented on 15 May 2016
> Github source tar has never been 100% comprehensive, Grafana has
> always required "npm install" to build (like most web apps)

This is incredibly dangerous since the build rely on NPM repository
which is far from trusty. And it relies on minified files everywhere,
that break the social contract. I installed Grafana on my Debian/testing
when the package was available, because then I knew it could be trusted.
Now, it is more appealing than before (Grafana is a good software), but
trust has gone away.

It is true that software are harder to review nowadays, because they
rely on lots of libraries. But there is a real difference to me between
"hard" and "impossible".

For the JavaScript world, a solution would require a well-known standard
about minification and optimization. The WebAssembly is coming, and this
will worst.

Reply to: