[Pkg-javascript-devel] Draft to embed more than one Node module in a Debian package
Xavier
yadd at debian.org
Thu Sep 13 10:59:20 BST 2018
Ref:
Hi all,
Ftpmasters want to reduce node packages in NEW queue [1]. Extract:
"node packages are rather small and often consist only of a few lines
of code. From my point of view it is very unlikely that such packages
will change over time, so their code will remain constant forever.
More likely upstreams will add new features and pay no attention to
backward compatible APIs.
In the node ecosystem everything is fine. Their developers use carets
or tildes as dependency operators and just depened on the version of
the API they really need.
In Debian such packages basically create two problems. They bloat the
packages file, which prolongs the process of installing or updating
packages. Further Debian only allows packages with one, the latest,
version in the archive. So uploading packages with the newer API would
make packages unusable, that still depend on the older API. Usually
this is not recognized and suddenly packages in the archive won't work
anymore.
One could introduce versions within package names, but this would just
multiply the number of node packages."
...
After a long discussion in JS team, I built a Wiki draft [2] and I would
like to have an opinion of Security Team before continuing in this way.
Cheers,
Xavier
[1]
https://alioth-lists.debian.net/pipermail/pkg-javascript-devel/2018-September/027849.html
[2] https://wiki.debian.org/Javascript/GroupSourcesTutorial
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20180913/245f63cd/attachment.sig>
More information about the Pkg-javascript-devel
mailing list