Source: llhttp Severity: serious Tags: ftbfs X-Debbugs-Cc: [email protected], [email protected], John Paul Adrian Glaubitz <[email protected]>
debian/control of llhttp: Source: llhttp ... Build-Depends-Arch: ... , libllhttp-source (>= 9.4.2+~cs12.11.9~) ... Package: libllhttp-source ... Architecture: all While this kinda works in unstable, it depends on implementation details and is rather fragile. This cannot work when amd64+all is a combined build, as some of our derivatives (e.g. Ubuntu) are doing. In unstable it works due to incoming.debian.org providing the binary-all packages for 2 days. llhttp is a package not unlikely to have DSAs once it is in a stable release, and I doubt this setup would work in security when a DSA updates to a new upstream version. I would guess the original motivation was supporting ports architectures without Node.js and LLVM, but the current setup causes more problems than it solves. Less bad options might be a separate source package for the binary-any build (with Static-Built-Using), or using a different HTTP Parser in libgit on ports architectures. -- Pkg-javascript-devel mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
