-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 05/07/2014 11:06 AM, Wouter Verhelst wrote:
> I submit that in the case of minified javascript libraries that are > *already available* in Debian, and that are symlinked (in the way as > described before) but ship in a source tarball as convenience copies > *which are not used*, they can. > > It is easy to verify whether such minified javascript libraries are > used: if the binary package does not ship with them, they are not > used, even if they are in the source package. One difficulty with this is that it is (potentially) confusing to the end user. Specifically, it violates my (pre-this-thread) expectation of what it is that I get from 'apt-get source'. Prior to reading this thread, it would never have occurred to me to think that something obtained that way might not be actually part of the source (or source-documentation, et cetera) of the binary package; I would have looked at the source, seen the minified JS file, and expected that it would be used during the build or in the final "binary". If I needed to modify it, or to trace code flow through it for debugging purposes, I could have spent a fair amount of time and effort unnecessarily. I don't think I'm likely to be alone in this. I think this is akin to the question of embedded copies of separately-packaged libraries; I would have been similarly though not identically misled by the presence of the source of such a library in the 'apt-get source' result of a non-library package. I believe I've seen discussions of whether to strip out such code copies here in the past, though I don't recall what the outcomes may have been. At minimum, I would think that all such "included but not used" code should be explicitly documented somewhere (preferably somewhere relatively visible) in the source package, listing all files - or, when applicable, directories - which should be ignored because the package build uses external ones. - -- The Wanderer Secrecy is the beginning of tyranny. A government exists to serve its citizens, not to control them. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCgAGBQJTalQaAAoJEASpNY00KDJrVPMP/3HumvVxXjnnx7TEVCNvm4x+ h2/gVP0+4XjKFuqVpwDuIfws8Vw1/JRdd+W3QMZTRR9+8xET37Wtk6wp/yxCBQkA kyQY/vVUrgVFxf++0xDvqvh8rRPlDOCNQuHQkz7gUHk7rJDv0shZsI9I+R7JuPU3 7j1srzwJHFazxcFA5WZkeaNQmdcDUA8ZBkS9McbXEDYeS40vO+2fxoT7CaVKYlYc I3LFTVIiPWZ9AHc+6YjzqNabTZt4CcTNRSs06+LFrpsh21t801LCFcpV2neP+5Im njbe7WgvOV3ct94Jk2G6d9trD7WjI3/smhaQKbeCywvTG4oghGQhHTM6TaG8kqAY sirPW+miUiuh8olLyza9CmqM9cO9scYE3prkzpYDpga2iZ8xJBFKFCsj5K8+bfqy 3PIBuUPOahoMLJM/lWMwmqAtuWKpGQ1Ls74TklqsD8bV+rhctkbf1K5XcK7Ibce1 wJSRMBLXaCRT8XIcS1oo9Se4Qdrnykv9JmIJT16jAqvL7SU7tWol6Ym5kEHjJxkX 0qVWUHMgXVRMoLTon9WG2huW9CMGowmzwOIy4LTD8nAxdhupGZlmOtz8LB9QKUgo xUCOngB4b5bOTEkWouzadvVycT1WBRZh1706iFQJWSguImiM4e1VDGT+3dN+TfNr 9IG04PxvYp/kgpzFfYQo =YBi4 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/536a541a.7000...@fastmail.fm