On 06/10/2021 at 23:32, Thomas Goirand wrote:
> On 10/6/21 6:53 PM, Pirate Praveen wrote:
>> [adding -devel]
>>
>> On Wed, Oct 6 2021 at 12:16:07 PM +0200 +0200, Jonas Smedegaard
>> <jo...@jones.dk> wrote:
>>> Quoting Yadd (2021-10-06 11:43:40)
>>>> On Mon, 04 Oct 21, 16:40:48, Bastien Roucariès wrote:
>>>> > Source: src:node-lodash
>>>> > Version: 4.17.21+dfsg+~cs8.31.173-1
>>>> > Severity: serious
>>>> > Justification: do not compile from source
>>>> >
>>>> > Dear Maintainer,
>>>> >
>>>> > The vendor directory should be emptied
>>>> >
>>>> > The debug version is compiled without source (lintian warn) and moreover the
>>>> > rest of the files are already packaged
>>>> >
>>>> > grep -R vendor * gives only a few hits that could be cured by symlinking
>>>> >
>>>> > Bastien
>>>> Hi,
>>>>
>>>> these files are used for tests only, maybe severity could be decreased.
>>>
>>> I find the severity accurate: Relying on non-source code is a severe
>>> violation of Debian Policy, no matter the purpose of relying on it.
>>
>> I think we should change the policy here. Running tests helps improve
>> the quality of the software we ship. Many times the vendored code is
>> used to ensure the code does not break in a specific situation. I don't
>> think reducing test coverage in such situations is really helpful.
>
> Right, running tests helps improve the quality of software we ship.
> Which is why you probably need to test using what's shipped in Debian
> rather than using a vendored source-less code.
>
> If we rely on non-free code for tests, that's really bad too, and that
> must be avoided just like we're avoiding source-less code everywhere
> else in Debian. The policy shall not change, please.

We are not talking about really-non-free code, but minified JavaScript
code released under a free license. If we want to be strict here, some
packages will be excluded: for example, most of the software listed here
will be excluded: https://lintian.debian.org/tags/embedded-javascript-library

Is that what you want?