On 14455 March 1977, Adam Borowski wrote: > On Sat, Oct 08, 2016 at 10:45:08PM +0200, Joerg Jaspert wrote: >> we had a discussion inside the FTP Team about the "browserified js" >> issue. We understand that "browserified" refers to various changes to >> the original source, from concatenating multiple (local and remotely >> fetched) files together, arbitary transformations (down to something >> akin to compilation), minifying and others. Not all "browserification" >> may necessarily use all of those ways. > [...] >> - We acknowledge that it appears to be a big task to provide a proper >> "browserification" environment within Debian. Due to the freeze coming >> up we would understand the Release Team granting an RC exception for >> stretch for such non-sources already in main, with the condition that >> this will not extend to another release. > Could you please suggest some stick to ensure that the condition you mention > is actually enforced? I've got an impression that once a RC exception is > granted, it stays forever, renewed around every freeze.
First of they have to grant it. I have no idea if they do or not, not having asked them at all. Second - the enforcing will have to come from us ftpmasters - by removing the packages at some point, if they don't get fixed. > Another issue is, as mentioned in the TC discussion, the inability to fix > any non-trivial security bugs in stable. I can't quite imagine the Security > Team hunting for a specific old version of grunt and all of its extensive > dependencies to rebuild the buggy package. Such state hits the definition > of "contrib" exactly, why not actually use it for this purpose? Demotion of > libjs-handlebars would require changing or demoting two more packages: > prometheus and kcov, which would be a hassle but not the end of the world. I would understand the security team to define them as "not supported (unless the maintainer does all the work)", and yes, contrib is IMO the way better place for them. -- bye, Joerg <_DeadBull_> ohne speicher, tastatur, mouse, pladde, monitor, also nur die Hardware...