On 10/7/21 7:06 AM, Yadd wrote: > Le 06/10/2021 à 23:32, Thomas Goirand a écrit : >> On 10/6/21 6:53 PM, Pirate Praveen wrote: >>> [adding -devel] >>> >>> On ബു, ഒക്ടോ 6 2021 at 12:16:07 വൈകു +0200 +0200, Jonas Smedegaard >>> <jo...@jones.dk> wrote: >>>> Quoting Yadd (2021-10-06 11:43:40) >>>>> On Lu, 04 oct 21, 16:40:48, Bastien Roucari�s wrote: >>>>> > Source: src:node-lodash >>>>> > Version: 4.17.21+dfsg+~cs8.31.173-1 >>>>> > Severity: serious >>>>> > Justification: do not compile from source >>>>> > >>>>> > Dear Maintainer, >>>>> > >>>>> > The vendor directory should be emptied >>>>> > >>>>> > The debug version is compiled without source (lintian warn) and >>>>> moreover the >>>>> > rest of file are already packaged >>>>> > >>>>> > grep -R vendor * gives only a few hit that could be cured by >>>>> symlinking >>>>> > >>>>> > Bastien >>>>> Hi, >>>>> >>>>> this files are used for test only, maybe severity could be decreased. >>>> >>>> I find the severity accurate: Relying on non-source code is a severe >>>> violation of Debian Policy, not matter the purpose of relying on it. >>> >>> I think we should change the policy here. Running tests helps improve >>> the quality of the software we ship. Many times the vendored code is >>> used to ensure the code does not break in a specific situation. I don't >>> think reducing test coverage in such situations is really helpful. >> >> Right, running tests helps improve the quality of software we ship. >> Which is why you probably need to test using what's shipped in Debian >> rather than using a vendored source-less code. >> >> If we rely on non-free code for tests, that's really bad too, and that >> must be avoided just like we're avoiding source-less code everywhere >> else in Debian. The policy shall not change, please. > > We are not talking about really-non-free code, but minified JavaScript > code released under a free license. > > If we want to be strict here, there will be some excluded package: for > example most of the softwares listed here will be excluded: > https://lintian.debian.org/tags/embedded-javascript-library > > Is it what you want ?
I would like these binaries (yes, minified JS is the same as binaries) to be replaced by source code. Yes, that's what I want... which is not what you're pointing at. You're pointing at packages not using Debian version of the libraries, which is different. Somehow, I believe it's kind of ok if *docs* are using their own version of these files, provided it's not a minified version. Cheers, Thomas Goirand (zigo)
