[Pkg-javascript-devel] JavaScript policy? (was: Please review jquery-coolfieldset)

David Prévot david at tilapin.org
Sat Mar 22 11:37:49 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Le 22/03/2014 05:33, Emilien Klein a écrit :
> On 03/21/2014 11:22 PM, François-Régis wrote:
>> Le 21/03/2014 07:45, Emilien Klein a écrit :

>> So Marcelo's recommandation goes on the good way to have uniform
>> workflow and should be written somwhere (as the recomand to provide
>> minify and source version).
>>
>> We may have something like :
>>
>> * Origin tarball should not include any minify code.

Maybe there is a missing “sourceless” here: it’s perfectly fine for a
source package to embed a convenient binary/prebuilt copy, as long as it
is not used in the binary package, but instead rebuild it from source
and ships the rebuilt version. In order not to make minified JavaScript
any different, the first point should read:

* Origin tarball should not include any sourceless minified code.

>>> Regarding the removal of the minified files: that is done to comply
>>> with the DFSG, as minified files are assimilated to compiled objects,
>>> not source code. As Debian requires the source to be provided, not the
>>> compiled binaries, the minified files must be removed fromt the
>>> upstream tarball.

Again, only if the source is not provided. An alternative in case
upstream provides sourceless minified JavaScript in their tarball, would
be to ship the source (e.g., dug up from their source repository, or
from JQuery) inside the debian directory, and rebuild it for (or do
nothing if it isn’t shipped in) the binary package: it can save a repack.

> The general idea is that you would have a get-orig-source target in
> d/rules that downloads the tarball, makes is compliant with DFSG, and
> recreate a new tarball.

Alternatively, the Excluded-Files feature of uscan(1) can do it for you.

Regards

David


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJTLXYJAAoJEAWMHPlE9r08VnEIAK6GDhkbJaxrH1T1KZyuDwk4
BGHHtDreMzeDTwR0g5bV+1y8ZWdS2wW1gLmqTAeQ2fxZBwy3H0UyBwlyAqYWFjnn
0Q7aTBqCKC3lQETV3+MaNVHEOjVUFxorNNaPwnvaAke7bt8ZqCJxkssWD9W9YH+r
0h9VK+WG8OYIe5YJ6wThuVMpEJS1EcZf44SJvjgRwjJzebW3k0lT/lbc1AKZUMKu
If5FuCDVudFDBxmgsx3kzZ8U0fqWBRJDM53fqgfyI/6vl/nORDLnYZm6B6e74r77
bPRpKDUJWl7m0Xmd1z18AqeOdli36nyXgMEAY+j7mCsAOiyheaWgf/WN37I77Oc=
=Vq9f
-----END PGP SIGNATURE-----

More information about the Pkg-javascript-devel mailing list