-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/23/2015 02:14 PM, Piotr Popieluch wrote: > Some node modules contain generated JavaScript, for example > transpiled from es6->es5, generated from coffeescript, or generated > with jison. > > Is it allowed to include these generated files in the module or do > we really need to "build from source". The package guidelines do > not mention generated code [1] >
That's probably worth bringing up with the FPC, but I think historically the requirement is that we have to build generated code from the original source; that including a pre-built copy of it is unacceptable. Some of the generic reasons would be that Fedora may use different default flags to the compiler/interpreter that produces the generated code and thus it might be expected to honor those (examples might include security-hardening flags that upstream did not use). > I'm currently reviewing a package [2] which is generated with > jison, jison and its dependencies are not packaged. Packaging jison > seems like a lot of work without any benefits. > Well, is jison something that other packages would use to generate code like these modules? Because if so, that's a clear benefit: package jison and the others can use it. Generated code is usually suspect, because in most cases it carries no comments and tends to be difficult for a human to understand it (compared to its source material). As a result, it would be very easy for someone to sneak something into the generated code output that doesn't match the sources > What do you think, can we include generated JavaScript or do we > have to build from source? > My opinion is ALWAYS build from source; it's the only way to ensure what you deliver actually matches the readable sources. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlZTaEgACgkQeiVVYja6o6PFawCgnPN/XGjDPzamVDvM+If9jgRY R4cAni+c/Vn+nKk8z9ZxN0UZKEz5H4/8 =jDAR -----END PGP SIGNATURE----- _______________________________________________ nodejs mailing list [email protected] http://lists.fedoraproject.org/admin/lists/[email protected]
