On Fri 09 Dec 2016 11:33 PM, John-David Dalton wrote:
>> That means we have to maintain multiple copies of the same library and
>> that increases our effort to maintain it.
> The maintenance cost is reduced since they're just bundled with the
> package. You can treat each release of say gulp as a snapshot of their
> deps and bundle it with them. Packages specify dep versions for a reason
> and it's not super safe to assume they'll function correctly with deps
> outside of those specified ranges.

Yes, that is one approach we can try. I think Jérémy Lal is working on
such a bundled package for npm, the package manager. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794890#54 We'll see
how well that experiment goes. If that approach is indeed better, we'll
consider it in the future.

>> When we update a dependency to latest version, we ensure all the
>> packages depending on it continue to work by running tests
> Sounds kinda fragile.

It depends on the test coverage. If there is good test coverage, we can
be confident that updates don't break functionality. If tests are
missing, then it's indeed difficult.

>> The terms of the license allow me to flatten the dependencies.
> You're totally free to but I'm also free to discourage incorrect use of
> the package.

Obstructing is much stronger than discouraging.

> BTW are these Debian packages targeting a specific Node version?

yes, 4.6.1 https://tracker.debian.org/pkg/nodejs


Pkg-javascript-devel mailing list