Dne 22. 06. 26 v 19:02 Gordon Messmer napsal(a):
On 2026-06-22 9:21 AM, Vít Ondruch wrote:Source1: %{npm_name}-%{version}-nm-prod.tgz Source2: %{npm_name}-%{version}-nm-dev.tgzIs the concern the first, the second, or both?Both, I think.The "prod" archive will be distributed more or less as-is for packages following the guidelines, so that's obviously a problem.As I read the policy, the "dev" archive is an issue as well. The "exceptions" section under "No inclusion of pre-built binaries or libraries" discusses builds
Just FTR, the question is what does "build" means. I interpret it as using such tools (especially in `%build` section) to produce something going to resulting package. But the content of -dev tarball is used only in `%test` section, which should not change the content of `BUILDROOT`.
Your interpretation seems to me to be broader than this. Vít
which require a pre-existing toolchain, which is what we're seeing here. This is allowed only with approval from the Fedora Packaging Committee, and only for a bootstrap build which is not distributed to users.Even if we adopted a blanket exception for the dev archive for Node.js, we need to find a process that will rebuild or replace binary contents in the prod archive, and I haven't found a process that will work yet.
OpenPGP_signature.asc
Description: OpenPGP digital signature
-- _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
