Thomas Goirand:
> Hi,
> 
> [...]
> 

> Also, removing such a non-leaf package at this point of the release is a
> way too late. IMO, a bug should have been opened a long time ago asking
> for an upgrade of the package.
> 


Hi,

I would (also) strongly prefer, if we got better at finding and dealing
with things like outside the freeze.  That said...

In the concrete case, the removal does not look too bad at a metadata
level.  Assuming qtwebchannel5-examples can drop its dependency, the
rest can be removed from testing without affecting any other package
than those listed below.

"""
$ dak rm -nR -s testing npm
[...]
Checking reverse dependencies...
# Broken Depends:
npm2deb: npm2deb
qtwebchannel-opensource-src: qtwebchannel5-examples [...]

# Broken Build-Depends:
ruby-license-finder: npm
"""

> Last, at this point in time, I believe we should discuss the issue with
> the release team. They may agree, for example, that we upgrade the
> package to a newer version (this is unlikely, but it is up to them to
> tell). They may don't agree that we "fix" so many source package to
> remove the build-dependency. Anyway, the solution should be discuss with
> them. Therefore, I'm CC-ing the release team.
> 

From my PoV; upgrade is unlikely to be accepted.  Removal appears to be
doable, so the real question is:

 * Is npm so out of date that it is release critical?

If yes, fix qtwebchannel-opensource-src (etc.) and remove the rest from
stretch.  If no, tag it -ignore and move on.  To be honest, I know next
to nothing about npm and its state, so I will apply "Do-cracy" to this
decision.
  AFAICT, Jérémy Lal have done all of the uploads since 2013 and is the
sole committer to the packaging between 2013-08 to 2014-08[1], which
pretty much makes Jérémy the closest person to an "active do'er" in this
case.

@Jérémy Lal: Your call:

 * Are you willing to support npm for 3-5 years in stretch given its
   current state?
   - If yes, then tag the npm bug stretch-ignore or downgrade it
   - If no, then we will effectuate the removal before the release.

Thanks,
~Niels

[1] https://anonscm.debian.org/cgit/pkg-javascript/npm.git/log/



Attachment: signature.asc
Description: OpenPGP digital signature

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to