[Pkg-javascript-devel] Bug#943389: Bug#943389: node-lodash: source package does not contain upstream source
Jérémy Lal
kapouer at melix.org
Thu Oct 24 18:47:48 BST 2019
Le jeu. 24 oct. 2019 à 19:33, Jonas Smedegaard <dr at jones.dk> a écrit :
> Quoting Pirate Praveen (2019-10-24 19:12:22)
> >
> >
> > On Thu, Oct 24, 2019 at 19:05, Jonas Smedegaard <dr at jones.dk> wrote:
> > > Quoting Pirate Praveen (2019-10-24 18:42:17)
> > >> On Thu, Oct 24, 2019 at 16:19, Jonas Smedegaard <dr at jones.dk
> > >> <mailto:dr at jones.dk>> wrote:
> > >> > Quoting Pirate Praveen (2019-10-24 15:34:15)
> > >> >> All files derived from source have their corresponding source
> > >> >> code and it is regenerated during build.
> > >> >
> > >> > It may very well be "source" but not "upstream source".
> > >> >
> > >>
> > >> Then I fail to see how this is a serious bug.
> > >
> > > I listed Policy § 2.1 as being the reason for severity of this bug.
> > >
> > > Let me quote the part I find relevant:
> > >
> > >> The program must include source code, and must allow distribution
> > >> in source code as well as compiled form.
> > >
> > > If this package _does_ contain source code but just from a
> > > _different_ upstream project than the one currently listed in
> > > debian/copyright then the bug is easily fixed by simply correcting
> > > what upstream project this package claims to ship source code from.
> >
> > Lets ask the team what they think about the issue.
> >
> > Hi js-team,
> >
> > Do you think this is really an rc bug? Do you think Source field in
> > debian/copyright should be changed to
> > https://github.com/lodash/lodash/releases ?
>
> For the record, I did not say that above URL solves this bug.
>
Does the problem Jonas refer to is that embedded component lodash-cli
is downloaded (by watch file) from https://registry.npmjs.org/lodash-cli ?
Side note: downloading from npmjs.org should be avoided and maybe a
good candidate for a lintian error; for it is an unreliable source
(no checksum, no guarantee, unlike git, afaik).
Jérémy, trying to help.
PS: Pirate, no need to cc pkg-javascript-devel we already receive all bug
reports.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20191024/e0c61fda/attachment.html>
More information about the Pkg-javascript-devel
mailing list