Quoting Xavier (2020-09-03 16:06:01) > Le 03/09/2020 à 16:02, Jonas Smedegaard a écrit : > > Quoting Xavier (2020-09-03 15:43:24) > >> Le 03/09/2020 à 15:36, Xavier a écrit : > >>> Le 03/09/2020 à 14:59, Andrius Merkys a écrit : > >>>> Hi Xavier, > >>>> > >>>> On 2020-09-03 15:54, Xavier wrote: > >>>>> buffer-equal: > >>>>> - node-buffer-equal (1.0.0) > >>>>> - node-vinyl-fs (1.0.0) > >>>> > >>>> Does this (and the like) mean that <module> is now packaged as > >>>> node-<module>? If so, such embedded modules might be removed. > >>> > >>> Hi, > >>> > >>> You're right buffer-equal should be removed from node-vinyl-fs. Other > >>> example, node-parse-json is bad: it embeds some outdated @babel/* > >>> modules while node-babel7 has been released. > >>> > >>> I built this inventory to detect such cases. > >> > >> Other (good) example: node-lolex embed a slightly outdated > >> @sinonjs/commons to avoid a complex circular dependency with node-sinon. > >> In this case no bug, just a known problem. > > > > "known" to whom? It does not seem known to Debian nor to the JavaScript > > team - i.e. I fail to see any mention of the reason for that code > > embedding in debian/README or debian/TODO. > > > > What did I miss? > > I missed to insert a Debian/README, this is just mentionned in > d/changelog. Let's do that.
Thanks. Please also report it for the security team - see https://wiki.debian.org/EmbeddedCopies - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
-- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
