[Pkg-javascript-devel] script to generate debian/watch for embedding nodejs modules

Xavier yadd at debian.org
Mon Nov 26 21:15:43 GMT 2018


On 26/11/2018 at 20:30, Xavier wrote:
> On 26/11/2018 at 19:40, Jérémy Lal wrote:
>>
>>
>> On Mon, 26 Nov 2018 at 17:29, Xavier <yadd at debian.org> wrote:
>>
>>     Xavier wrote:
>>     >> ...
>>     >> Looks acceptable IMO
>>     >
>>     > Policy update:
>>     >  - components used only during build => not used in version
>>     >    (except if they inject some code)
>>     >  - components without major risks    => not used in version
>>     >  - components that must be followed  => declared as "group" in
>>     >    debian/watch
>>     >  - components that must be followed and used in many other packages
>>     >    => packaged separately
>>     >
>>     > Note: I wrote this to help js-team and decrease time to wait in NEW
>>     > queue. If you feel that "crazy", please simply delete
>>     > https://wiki.debian.org/Javascript/GroupSourcesTutorial and the
>>     > links to this page.
>>     >
>>     > If you don't want to do it by yourself, I can remove the page for you.
>>     > Just ask me to do it.
>>
>>
>> This is certainly not crazy, and while I'm not myself completely
>> convinced it's the right approach (mostly because I did not take the
>> time to review and practice), it's the closest thing we have to a
>> usable solution.
>>
>> Please don't stop there, it would be such a waste.
>>
>> About the bundled packages and the weird version encoding all the
>> bundled versions: most upstreams that are serious about their
>> packaging now use a package-lock file, effectively locking down a
>> released version to the needed versions of dependencies.
>> When it's the case, it means that any change in versions of
>> dependencies will be reflected by a new parent package version. In
>> that case, it's useless to encode dependencies versions in the parent
>> debian package version?
>>
>> Jérémy
> 
> You're right, in that case, components must be tagged as "ignore" or
> best a version number ("0.0.1" for example) directly in debian/watch.

No! 0.0.1 means "newer than 0.0.1" for uscan. I'm modifying uscan to be
able to fix a component version using "=0.0.1" syntax.


