On ചൊവ്വ 03 ഒക്ടോബര് 2017 10:10 രാവിലെ, Gunnar Wolf wrote: > I am completely with Sean here; I read the following messages, and am > happy a better resolution was found. But, FWIW, I'll support Sean's > interpretation - Contrib and non-free are *not* places where we can > happily breach any bits of policy; they are exclusively for things > that cannot be shipped in Debian Main due to their DFSG status.
I cannot accept arbitrary interpretations of policy. When build tools are not available in main, they cannot go to main, and if the software itself is Free Software, it can go to contrib. If you disagree, please get the policy clarified. As per the current policy, these packages clearly qualified for contrib and these were already accepted by ftp masters into the archive. You could go to CTTE and challenge the decision of ftp masters. Alternatively, those who care enough about the issue can help get these tools into main. I have been doing just that over the last years (grunt, gulp, babel, jison, webpack to name a few, each with 100s of dependencies) so many of the packages currently in main could go there. Since the tools are just so many and the people packaging them are handful, it will take quite a while for all these tools to be in main and I'm going to continue using contrib for these packages until that time. You can also check the record of people who are most vocal over the issue (not just in this thread, but in earlier discussions about handlebars/dfsg/browserify) and compare who is helping fix the issue and who is just talking. > And, yes, network access during a build... Is a clear no-go. Specially > if as a project we are committed to this so neat Reproducible Builds > thingy that has made so many among us proud to be part a project where > an ages-long problem is finally being tackled - And quite > successfully, even! > I thought building these things (making sure the source corresponds to the distributed binaries), though using tools outside archive, was preferred over shipping pre-built binaries. But it seems shipping pre-built binaries are preferred. It looks to me like a misplaced compromise, but I will follow this advice and ship pre-built binaries next time without building them using npm.
Description: OpenPGP digital signature