[Pkg-javascript-devel] Comments regarding node-express-session_1.7.0-1_amd64.changes

[Jérémy Lal]

Le samedi 04 octobre 2014 à 14:35 +0200, Leo Iannacone a écrit :
> On 4 October 2014 14:04, Jérémy Lal <kapouer at melix.org> wrote:
> > Le samedi 04 octobre 2014 à 10:49 +0200, Leo Iannacone a écrit :
> >> On 3 October 2014 23:14, Thorsten Alteholz
> >> <ftpmaster at ftp-master.debian.org> wrote:
> >> > Hi Leo,
> >>
> >> Hi Thorsten,
> >>
> >> > will there be a package node-uid-safe?
> >>
> >> Yes, it will be .. but not sure when in "which way" since that module
> >> (like any other) is too small.
> >>
> >> After discussing this in JS team we ended up they should be included in
> >> "common" packages, see this wiki page:
> >>  https://wiki.debian.org/Javascript/Nodejs/CommonPackages
> >>
> >> unfortunately I didn't enough time during last weeks to work on it,
> >> neither to study how packages multi-sources work.
> >>
> >> It could be wonderful if someone else can take this task.
> >
> > I turned that idea over and over and came up with the conclusion
> > that we should avoid that idea of making bundles of unrelated software.
> >
> > Please, either include node-uid-safe in node-express-session (as patch,
> > or using the kind of tarball packager i've been trying to make), or make
> > a proper debian package of node-uid-safe.
> 
> A proper debian package was already done, but it got REJECTED from ftp-masters.
> 
> I will think better on this. uid-safe has some reverse dependencies
> which sould be packaged (csrf' modules).
> 
> I don't know right where put uid-safe, if in express-session or in csrf...

If you put it as patch somewhere, then put it everywhere as patch !
It shouldn't be "provided" by some arbitrary other package - or else it
is a disguised bundle.


> 
> > Any other solution is a mess waiting to happen - the best way to
> > distribute software in debian is by making proper debian packages, not
> > bundling modules because "it saves resources".
> 
> +1 . Agree.
> 
> Leo.
>