[Pkg-javascript-devel] JavaScript policy?

[François-Régis]

Hi Marcello, Hi Emilien

Le 29/03/2014 22:33, Marcelo Jorge Vieira a écrit :
> On Sat, 2014-03-29 at 10:33 +0100, Emilien Klein wrote:
>> 2014-03-29 9:57 GMT+01:00 Emilien Klein <emilien+debian at klein.st>:
>>> I feel we are stuck. In the intent to bring this discussion to a
>>> close, would you strongly disagree if I ask the question on the -devel
>>> mailing list?
>>
>> Let me rephrase that:
>> I will send a draft of the email on our js mailing list, presenting
>> both sides on this question.
>> All will have a say to make this better, and then I'll send it to -devel.
> 
> Just to remember, two year ago this topic was discussed in the
> debian-devel list.
> 
> https://lists.debian.org/debian-devel/2012/08/threads.html#00365

Thank you Marcello for this very interesting thread. By the way it's not
addressing exactly the question of *this* thread. It originally talks
about sources tarball providing minified files and no sources (and where
evently sources could exists elsewhere in debian).

As initiator of the thread, I may recall that the question we ask is
"Should we remove from source tarball minified versions of source files
existing in tarball". And of course nobody imagines to use those
minified files in binary package.

In the current thread, David clearly says we can keep them [1] and Ben
[2] suggests that it's better to remove the minified files from orig
tarball. And in an other thread [3], Marcello said we have to remove them.

[1]
http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/2014-March/007214.html
[2]
http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/2014-March/007242.html
[3]
http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/2014-March/007176.html

-----

I've detail read the thread from Marcello which is mainly beside the
subject we are talking about and without quoting too much, what I've
understood is that providing both source and minified version makes a
consensus. I may have a wrong undestanding of the discussion so if
anybody else could have look and gives return...

Beside, the question of the trust we can have on the fact that the
minified file is safe, which Emilien propose to verify, is only adressed
to people using source package outside debian, and from this POV, we may
perhaps make some checks as these are kinds of executable files. But we
just feel happy when we have xcf, scg or what else source for jpeg, png,
tiff or whatever format and we are still unable to prove that they are
"compile" from sources.

Hope that this until "-----" will help to the clearify the question.

Cheers,


-- 
François-Régis

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 880 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20140330/7475e7ab/attachment.sig>