[Pkg-javascript-devel] Bug#920749: Bug#920749: popper.js: contains generated code uncertain if fully included as source

Xavier yadd at debian.org
Tue Jan 29 09:34:06 GMT 2019


Le 29/01/2019 à 07:41, Xavier a écrit :
> Le 28/01/2019 à 18:45, Jonas Smedegaard a écrit :
>> Source: popper.js
>> Version: 1.14.6+ds-1
>> Severity: serious
>> Justification: Policy 2.1
>>
>> Source package contains several files (seemingly all of them) below
>> <dist/> which does not exist in upstream version tracking and therefore
>> are not in the form preferred upstream, and more importantly may include
>> other code than the actual source below <packages/>.
>>
>>  - Jonas
> 
> Upstream author does provide dist/* files in release commits (example:
> https://github.com/FezVrasta/popper.js/commit/b1144cdbcb5b5ab20d281a6083ecdce475a54af1)
> and remove them from master at next commit. This generated files are
> readable javascript files, unminified and well commented (a sort of
> webpack of packages/* files).
> 
> To reproduce build, many dependencies are needed. So the choices are:
>  - doing nothing, twitter-bootstrap4 will be removed from buster with
>    all its reverse dependencies
>  - package many new modules (I've no time to do this)
>  - decrease this severity issue
> 
> NB: upstream build can be reproduce only using yarnpkg, failed with npm:
>   $ yarnpkg install
>   $ yarnpkg build
> 
> Cheers,
> Xavier

kapouer found a way to fix this, many thanks !

WIP



More information about the Pkg-javascript-devel mailing list