On 2026-06-22 9:21 AM, Vít Ondruch wrote:
Source1: %{npm_name}-%{version}-nm-prod.tgz
Source2: %{npm_name}-%{version}-nm-dev.tgz
Is the concern the first, the second, or both?
Both, I think.
The "prod" archive will be distributed more or less as-is for packages
following the guidelines, so that's obviously a problem.
As I read the policy, the "dev" archive is an issue as well. The
"exceptions" section under "No inclusion of pre-built binaries or
libraries" discusses builds which require a pre-existing toolchain,
which is what we're seeing here. This is allowed only with approval from
the Fedora Packaging Committee, and only for a bootstrap build which is
not distributed to users.
Even if we adopted a blanket exception for the dev archive for Node.js,
we need to find a process that will rebuild or replace binary contents
in the prod archive, and I haven't found a process that will work yet.
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://forge.fedoraproject.org/infra/tickets/issues/new