Dne 22. 06. 26 v 19:02 Gordon Messmer napsal(a):
On 2026-06-22 9:21 AM, Vít Ondruch wrote:
Source1: %{npm_name}-%{version}-nm-prod.tgz
Source2:        %{npm_name}-%{version}-nm-dev.tgz

Is the concern the first, the second, or both?


Both, I think.

The "prod" archive will be distributed more or less as-is for packages following the guidelines, so that's obviously a problem.

As I read the policy, the "dev" archive is an issue as well. The "exceptions" section under "No inclusion of pre-built binaries or libraries" discusses builds


Just FTR, the question is what does "build" means. I interpret it as using such tools (especially in `%build` section) to produce something going to resulting package. But the content of -dev tarball is used only in `%test` section, which should not change the content of `BUILDROOT`.

Your interpretation seems to me to be broader than this.


Vít



 which require a pre-existing toolchain, which is what we're seeing here. This is allowed only with approval from the Fedora Packaging Committee, and only for a bootstrap build which is not distributed to users.

Even if we adopted a blanket exception for the dev archive for Node.js, we need to find a process that will rebuild or replace binary contents in the prod archive, and I haven't found a process that will work yet.

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to