[Pkg-javascript-devel] dh-sequence-nodejs improvements
Mattia Rizzolo
mattia at debian.org
Fri Feb 4 16:47:19 GMT 2022
On Fri, Feb 04, 2022 at 11:06:53AM +0100, Yadd wrote:
> > Thanks for your work!
> > I had a question: wouldn't that be a violation of the policy?
> > Since at the same link you passed, it says:
> >
> > | This field should be used only when there are license or DFSG
> > requirements to
> > | retain the referenced source packages. It should not be added solely
> > as a way
> > | to locate packages that need to be rebuilt against newer versions of
> > their build dependencies.
>
> You're right, it's probably not the good field.
Yes, Built-Using has a specific goal and it affects how dak retains
source packages even when no binaries are coming from them.
Don't add such field needlessly.
> > Although the goal here is to track CVE's, but it does not seem to do
> > much with licenses.
> >
> > Actually, even golang team uses something similar (not exactly same);
> > please consider to look at this link[2]
> > and they were thinking of doing
> > it on something on the lines of the rust team, i.e. introducing a
> > XS-<lang>-Built-Using or something similar;
> > do you think using a XS-javascript-Built-Using could be a more sensible
> > option on our side?
> >
> > Let me know.
>
> Or X-Javascript-Built-Using ?
You'd likely need to use XB- so that it gets into the binary packages
and then in the Packages index file (I think).
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20220204/26064806/attachment.sig>
More information about the Pkg-javascript-devel
mailing list