[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Finding rough consensus on level of vendoring for large upstreams

On Fri, Sep 03, 2021 at 02:46:20AM +0200, Jonas Smedegaard wrote:
> First of all, thanks for compiling the list of reasonings.

Thanks for taking the time to read through it, I was hoping it would be
a useful observation.

> I get the impression that you are framing current state of embedding as 
> a generally good thing to do, and if I understand that correctly then I 
> disagree with it.

ish? I mostly tried to document current practice rather than have an
opinion on it being good. I do think that the evidence of multiple
independent maintainer teams coming to similar conclusions on the basis
of lack of user benefit and drag on new version velocity indicates the
positive side.

I believe, based on only a day's investigation, that you are in the
minority here. I don't mean that as a bad thing - 1/3 of DDs disagree(d)
with offering non-free alongside main - but I'd like to hear why you
think the maintainers I gave as examples should use their Debian time to
unvendor everything?

> I suspect that it helps if separating reasons for _encouraging_ 
> embedding (tiny upstream projects and deeply integrated sets of 
> upstreams, I guess) from reasons for _discouraging_ embdding (all other 
> cases, I guess).

I think the expanded points I gave empower maintainers to make the best
decision for their own packages. By laying out the permitted reasons
clearly, it's implied other reasons are not valid, but there's probably
something I haven't thought of.

However #907051 also wanted more background on _why_ one might choose
one way or the other, so please do elaborate on this if you can.

> Quoting Phil Morrell (2021-09-03 00:38:35)
> > 5. Where only a small number of unrelated projects are bundled, they
> >    SHOULD be uploaded as separate source packages.
> Concretely I think not I but ftpmaster objects to the above: Node.js 
> packages embed unrelated packages to meet ftpmaster requirement of a 
> minimum size source package.

No, I think Node.js is covered by #7 (large number of deps). With #5 I
was attempting to capture the current policy for when _not_ to bundle.
Thanks for the additional background about why the bundling happens.

Attachment: signature.asc
Description: PGP signature

Reply to: