[Pkg-javascript-devel] Bug#890539: RFS: node-yamljs/0.3.0+dfsg-1 [ITP]

Andreas Moog andreas.moog at warperbbs.de
Sat May 26 17:28:54 BST 2018 

On Mon, May 14, 2018 at 10:10:47PM +0200, Bastien ROUCARIES wrote:

Hello again,

> Not good from security point of view, you need to use mktemp.
> 
> And diff does not fail if content change. Better to use cmp tool

Okay, changed to using cmp and mktemp.

> >
> >>> 2. why did you not run testsuite ?
> >>
> >> As far as I can tell the testsuite requires node-jasmine, which isn't packaged
> Ok please create a itp or rfp for nde-jasmine and mention this
> package. Will sponsor node-jasmine

Will do.

> > in all the case add to makefile (this time no vulnerability because
> > you write to local build):

I think I added the right stuff to my debian/rules file.

> >> That gives me a list of about 20 contributors, some with only very minor
> >> contributions like a typo fix. Where would I make the cutoff point for
> >> including them in debian/copyright? Adding all of the contributors feels
> >> wrong. The LICENSE only mentions jeremyfa as copyright holder.
> >
> Better safe then sorry. Please do it

Done.

> 8. demo.html include yui.css in minified form.(see
> https://paulund.co.uk/collection-of-css-resets)
> 
> Copyright does not mention it. And you fail to build from source.
> 
> Sor remove demo.html  using File-Excluded and recreate it from source
> removing the css reset code.
> 
> you could use the css-reset I am packaged on node-modernize.css and
> suggest node-modernize.css

I assume you meant node-normalize.css here. I removed the minified yui.css
and added node-modernize.css as a suggests. Though I'm unsure how to include
it in the demo.html file. I thought about adding a link to normalize.css, but
that link would then be broken without node-normalize installed. I have now
added it with 
<link rel="stylesheet" href="../../../javascript/normalize.css/normalize.min.css" />
and gave a comment in the demo file.

An updated repository has been pushed to salsa.

Thanks again for your time!

Kind regards,

Andreas Moog

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20180526/a229a298/attachment.sig>

More information about the Pkg-javascript-devel mailing list