[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1005328: RM: uglifyjs/2.8.29-8



On 2022-02-11 14:48:00 +0100, Jonas Smedegaard wrote:
> Quoting Sebastian Ramacher (2022-02-11 13:24:16)
> > Control: tags -1 moreinfo
> > 
> > On 2022-02-11 12:08:52 +0100, Jonas Smedegaard wrote:
> > > Package: release.debian.org
> > > Severity: normal
> > > User: release.debian.org@packages.debian.org
> > > Usertags: rm
> > > X-Debbugs-Cc: Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>
> > > 
> > > uglifyjs v2 was last updated upstream in 2017, and has no real
> > > maintainer in Debian since December 2020 - see bug#958117
> > > 
> > > The package should not be released with bookworm, but may still have
> > > reverse (build-)dependencies, and I therefore request removal only from
> > > testing for now.  Please advice if another approach is more sensible.
> > 
> > So this is the same request as #968137. The current situation is:
> > 
> > I: [2022-02-11T12:19:15+0000] - trying: -uglifyjs
> > I: [2022-02-11T12:19:15+0000] - skipped: -uglifyjs (0, 33, 62)
> > I: [2022-02-11T12:19:15+0000] -     got: 123+0: a-3:a-0:a-0:a-0:i-119:m-0:m-0:p-0:s-1
> > I: [2022-02-11T12:19:15+0000] -     * amd64: rails, ruby-uglifier 
> 
> Package requested for removal is src:uglifyjs, building binary package 
> node-uglify which provides virtual package uglifyjs.
> 
> Packages (build-)depending (unversioned or with only lower bounds) on 
> "uglifyjs" should _not_ break: Such dependency is satisfied by package 
> src:uglify-js, building binary package uglifyjs.
> 
> (i.e. there are 2 packages, one with and one without dash)
> 
> 
> > Checking reverse dependencies...
> [ false positive satisfied by src:uglify-js snipped ]
> 
> > ruby-uglifier: ruby-uglifier
> 
> Current upstream code FTBFS with Uglifyjs: see bug#981224
> 
> v2 branch currently in Debian unstable last update upstream in 2015: 
> https://github.com/lautis/uglifier/tags?after=v3.0.0
> 
> 
> > # Broken Build-Depends:
> [ false positives satisfied by src:uglify-js snipped ]
> 
> > class.js: node-uglify
> 
> Bug#979888
> 
> > flightgear-phi: node-uglify
> 
> Bug#979902
> 
> > jquery-coolfieldset: node-uglify
> 
> Bug#979906
> 
> > jquery-lazyload: node-uglify
> 
> Bug#979911
> 
> > jquery-reflection: node-uglify
> 
> Bug#979907
> 
> > jquery-watermark: node-uglify
> 
> Bug#979943
> 
> > jquery-caret.js: node-uglify
> 
> Bug#979934
> 
> > jquery-simpletreemenu: node-uglify
> 
> Bug#979940
> 
> > jquery-throttle-debounce: node-uglify
> 
> Bug#979886
> 
> > raphael: node-uglify (>= 1.1.1-2~)
> 
> Bug#979937
> 
> > ruby-rails-assets-favico.js: node-uglify
> 
> Bug#979962
> 
> > ruby-rails-assets-jquery-fullscreen-plugin: node-uglify
> 
> Bug#979955
> 
> > ruby-rails-assets-perfect-scrollbar: node-uglify
> 
> Bug#979936
> 
> > ruby-uglifier: libjs-uglify
> 
> (see reasons at build-dependency above)
> 
> > slick: node-uglify
> 
> Bug#979954
> 
> > sockjs-client: node-uglify (>= 2.0)
> 
> Bug979958
> 
> 
> > If you want to get uglifyjs removed from testing, there needs to be an 
> > upgrade path to uglify-js 3.15.0 or all of these packages need to be 
> > updated. So what's your plan here?
> 
> I have no plan.  What plan might be sensible?

As I have no idea what uglifyjs is used for, I cannot tell you. If it's
a drop in replacement, update the build dependencies or establish an
upgrade path via transitional packages. If it's not, patch them.

In the end, the above bugs need to be fixed to get uglifjs removed.

> > > (I tried to get the package auto-kicked from testing by filing
> > > release-critical bug#958117 but evidently that didn't work.)
> > 
> > uglifyjs is a key package, so auto-removal does not apply.
> 
> What does "key package" mean?  Simply that other packages (build-)depend 
> on it, or perhaps some manually maintained list by the release team?
> 
> If the latter, then please remove src:uglifyjs as key package and 
> instead treat src:uglify-js as key package.

You can check with the link Paul sent. It looks like other key packages
(there seems to be a path from reportbug via pytest to uglifjs)
build-depend on it. (Build)-Dependencies of key packages are again key
packages. So it will only be removed from the key package list
once those dependencies are fixed.

Cheers
-- 
Sebastian Ramacher

Attachment: signature.asc
Description: PGP signature


Reply to: