Ref:

Hi all,

Ftpmasters want to reduce node packages in NEW queue [1]. Extract:

  "node packages are rather small and often consist only of a few lines
  of code. From my point of view it is very unlikely that such packages
  will change over time, so their code will remain constant forever.
  More likely upstreams will add new features and pay no attention to
  backward compatible APIs.

  In the node ecosystem everything is fine. Their developers use carets
  or tildes as dependency operators and just depened on the version of
  the API they really need.

  In Debian such packages basically create two problems. They bloat the
  packages file, which prolongs the process of installing or updating
  packages. Further Debian only allows packages with one, the latest,
  version in the archive. So uploading packages with the newer API would
  make packages unusable, that still depend on the older API. Usually
  this is not recognized and suddenly packages in the archive won't work
  anymore.
  One could introduce versions within package names, but this would just
  multiply the number of node packages."
  ...

After a long discussion in JS team, I built a Wiki draft [2] and I would
like to have an opinion of Security Team before continuing in this way.

Cheers,
Xavier

[1]
https://alioth-lists.debian.net/pipermail/pkg-javascript-devel/2018-September/027849.html
[2] https://wiki.debian.org/Javascript/GroupSourcesTutorial



Attachment: signature.asc
Description: OpenPGP digital signature

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to