[Pkg-javascript-devel] node-vendors_1.0.1-1_amd64.changes REJECTED
Pirate Praveen
praveen at onenetbeyond.org
Fri Dec 15 08:12:11 UTC 2017
On 12/14/2017 03:30 AM, Thorsten Alteholz wrote:
>
> Hi,
>
> one of our trainess looked at you package and found:
> * no code included, just a 10 lines json file
> * no description, just a verbatim copy out of the readme
>
> Please reconsider whether such a package is needed.
This module is a dependency of postcss-merge-rules. I will embed it
instead then. But this also means, if more modules depend on it, then it
has to embedded in all of them. Since this is just data and not security
sensitive code, it'd be okay from a security perspective, but it will
require updating multiple packages in case vendors needs updating.
> Thanks!
> Thorsten
>
>
>
> ===
>
> Please feel free to respond to this email if you don't understand why
> your files were rejected, or if you upload new files which address our
> concerns.
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20171215/d7068ffd/attachment.sig>
More information about the Pkg-javascript-devel
mailing list