Control: severity -1 wishlist
On Sun, Sep 6, 2020 at 13:59, Jonas Smedegaard <[email protected]> wrote:
Package: node-entities
Version: 2.0.2-2
Severity: serious
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
node-* packages must depend on nodejs -
libjs-* need not (when _only_ targeting browser use).
* Libraries written in a language should generally not depend on that
language's interpreter
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934948#54
Changelog for release 2.0.2-2 includes "Drop runtime dependency on
nodejs
(to avoid installing nodejs with l ibjs-markdown-it" -
but libjs-markdown-it does _not_ depend on nodejs,
neither directly nor transitively.
Perhaps there was no issue to fix, and you simply confused
libjs-markdown-it and node-markdown-it?
No, node-markdown-it provides libjs-markdown-it now and node-entities
is a dependency of node-markdown-it
From the CTTE bug referenced above,
3. For the specific case of src:ruby-task-list, which provides both a
Ruby
library and a JavaScript library, we suggest:
* shipping both Ruby and JavaScript libraries in a single binary package
* removing the dependency on the Ruby interpreter, unless there is a
reason why it is required
* asking the maintainers of the Ruby libraries that ruby-task-list
recursively depends on (such as ruby-rack) to remove *their*
dependencies
on the Ruby interpreter, unless there is a reason why it is required
So we need to recursively remove the dependency on the interpreter.
Please revert the change, to have node-* package depend on nodejs.
If you disagree that nodejs libraries must depend on nodejs,
then please let's discuss that general change in the team first.
Already replied there.
