[Pkg-javascript-devel] Bug#980291: Bug#980291: Bug#980291: Bug#980294: libjs-jquery-flot: breaking API change

[Xavier]

Le 18/01/2021 à 18:47, Pirate Praveen a écrit :
> 
> On Mon, Jan 18, 2021 at 2:28 pm, Antonio Terceiro <terceiro at debian.org>
> wrote:
>> But the fact is that all the other reverse dependencies that used any
>> plugin now need to be changed accordingly. Otherwise we can just wait
>> for their chart features to break in subtle ways in the face of users.
> 
> Not specific to this bug, but in general, we need to be a lot more
> careful and slow when updating node modules that also has libjs-* since
> we don't really have automated tests for them. For, node only parts we
> have tests most of the time, though not all packages have tests. So we
> have to be generally slow down on any major version update.

Maintaining an unsupported version means taking the risk to be unable to
backport a security fix during stable life and LTS (we already have many
examples).
_Before freeze_, I prefer having updated libraries, take the risk to
break sometime something, and patch reverse dependencies (with an
upstream PR when useful): breaking a little testing/unstable is not a
drama. But we are a team, if the team prefer to take the security risk,
then OK, I'll stop updating any libjs-* package (and stop tearing my
hair to patch obsolete packages when a CVE exists).

For the rhythm, most of libjs/node-* packages were strongly outdated in
Buster, the sustained pace of 2020 only partially made up for the
accumulated delay and the related technical debt.

Anyway, we entered freeze, it's not time to update anything not needed,
except minor and tested updates, but I'm happy to have updated a lot of
packages before freeze even if it has broken unstable sometime.
I feel the [1] dashboard better now than before Buster release.

[1]:
https://udd.debian.org/dmd/?email1=pkg-javascript-devel%40lists.alioth.debian.org&format=html