Quoting Michael Prokop (2016-11-23 14:18:49)
> Disclaimer: I'm not blaming nor pointing to anyone, but I feel like 
> that this is yet again the team pattern and I'd really like to see 
> whether we have any way out of this...

Thanks for stating above.

> ... I'm afraid the situation of node-* packages in Debian is worse 
> than I expected. node-request's upstream release of version 2.26.1 
> dates back to August 2013 and nowadays upstream is at version 2.79. 
> There's #844072 against node-request (where someone is asking for a 
> newer version of node-request in Debian), but it was filed just this 
> month (November 2016) and between 2013 and 2016 there was not a single 
> package upload for node-request in Debian.

Seems you imply that node-request is badly maintained.  Another 
interpretation of above facts is that node-request was very well written 
and its dependencies in Debian until recently was satisfied fine by the 
older version.

> Asking around what other Debian contributors and users usually do when 
> they've to deal with npm + nodejs: either "npm install -g npm"(sic!) 
> and then use npm to install the actual node packages or directly head 
> towards upstream (like https://deb.nodesource.com/setup_4.x).

Npm is an *alternative* to using Debian packaged nodejs code.

Users of Debian cannot tell anything about how same or similar tasks 
could be solved using Debian, because they evidently stopped trying.

> Now one reason why we have node-* packages in Debian is that they
> are dependencies of further packages. To have some numbers: I see
> 601 packages named "node-*" in sid/amd64 as of today, and when
> looking at their reverse dependencies I see only those 24 binary
> packages with node-* packages in their depends/recommends/suggests:
> [JFTR: I didn't consider and look into build-depends for my numbers
> and didn't verify my list with UDD or similar yet. If my numbers are
> wrong please correct me.]

Seems you counted only _binary_ packages - missing e.g. libjs-jquery 
which is a dependency of quite a few packages.

> I might be wrong (please correct me), but my impression is that people 
> are uploading node-* packages mainly to satisfy a (build-)dependency 
> they have in a package and then don't really care about those packages 
> any longer.

That may be true for some packages, but please fix your counting method 
before further discussion, to avoid discouraging people doing good work 

> Back to the npm situation: I was reporting 
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794890#34 because 
> Debian's npm can't be really used reliably nowadays (the 
> "@module/names" not supported at all). Looking through the bugreports 
> of the npm package I'd call it unmaintained,

I suspect you are right that npm specifically is in bad shape in Debian 
- but my (unsubstantiated) impression is that the cause is not that 
Nodejs packages in general are badly maintained, but instead because of 
the very aim of npm being not to fit Debian but to bypass it.

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Pkg-javascript-devel mailing list

Reply via email to