[Pkg-javascript-devel] Plan for legacy rollup plugins in bullseye (was Re: node-rollup-plugin-inject 4.0.2+~3.0.2-1 MIGRATED to testing)
Jonas Smedegaard
jonas at jones.dk
Sun Oct 25 10:57:47 GMT 2020
Quoting Xavier (2020-10-25 11:27:55)
> Le 25/10/2020 à 09:06, Pirate Praveen a écrit :
> >
> > On 2020, ഒക്ടോബർ 25 10:09:13 AM IST, Debian testing watch <noreply at release.debian.org> wrote:
> >> FYI: The status of the node-rollup-plugin-inject source package
> >> in Debian's testing distribution has changed.
> >>
> >> Previous version: (not in testing)
> >> Current version: 4.0.2+~3.0.2-1
> >
> > Are we going to maintain legacy versions of these plugins in bullseye? I agree adding them makes the transition easier, but removing the legacy copies should also be part of the plan to avoid maintaining multiple versions of these plugins.
>
> Hi,
>
> you're right, however there are a lot of outdated modules in JS Team
> packages, and these rollup plugins have no known vulnerabilities.
>
> We can also facilitate transition using this way (using experimental of
> course):
> * remove legacy module from any node-rollup-plugin-*
> * insert our own legacy modules in them including just:
> * /usr/share/nodejs/rollup-plugin-foo/package.json
>
> { "name":"rollup-plugin-foo",
> "main":"index.js",
> "dependencies":{
> "@rollup/plugin-foo": "*"
> }
> }
>
> * /usr/share/nodejs/rollup-plugin-foo/index.js
>
> module.export = require("@rollup/plugin-foo");
>
> Note that transition of node-rollup-plugin-commonjs won't be easy
> (remember 10.0.1+really.9.2.0). Same for node-rollup-plugin-node-resolve
Do I understand you correctly that you propose to ship legacy library
embedded with consuming packages?
That seems backwards to me - what would be the benefit?
I think it is better to ship legacy library with non-legacy library, to
ease tracking of its continued need and maintain it where there is most
knowledge about the library, but I may be missing something...
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20201025/3a45f161/attachment.sig>
More information about the Pkg-javascript-devel
mailing list