Bug#995722: [Pkg-javascript-devel] Bug#995722: Not running tests because tests miss source code is not useful
On 10/8/21 10:20 AM, Yadd wrote: > Take a look, most of them embed a minified version (jquery* for example) Yeah ... Everyone upstream thinks it's ok to have 15907152438 copies of jquery floating around... There's room for improvement for sure! :) Thomas Goirand (zigo)
Bug#995722: Not running tests because tests miss source code is not useful
On 10/8/21 7:30 PM, Pirate Praveen wrote: >>> This is used only during tests. I don't think we are not gaining >>> anything by removing tests here. Just making it harder for the >>> package maintainer to run tests. >> >> You would not gain anything by removing tests, but you would win by >> making these tests completely free software. > > I am just saying it increases the work required to run tests Yes, sure! I'm not contesting this. Just like it increases the work sometimes to de-vendor minified JS libraries we ship as binaries (which often we re-minify at build time...). > and when disabling tests is an option, the incentive is to disable tests. That's called laziness, and we shall not tolerate this. I've often packaged some Python libraries *only* to be able to run tests. I very much think others should at least aim do the same (even if it's not easy). If we rely on non-free code for tests, that's really bad too, and that must be avoided just like we're avoiding source-less code everywhere else in Debian. The policy shall not change, please. >>> >>> The code is not non-free here, just a specific version of a Free >>> Software code built outside Debian. >> >> We build from source... > > We build the binary packages from source. I don't think it is useful to > extend that to tests without considering the tradeoffs involved. Hang on, let me consider ... done ! :) I do not think you'll go as far as saying that running unit (or functional) tests using blobs is superior to do that using source only tests (or built from source libraries to run tests). We shall have, as a goal, to ship *every* source code that's useful to contribute / hack / modify any given piece of software we ship as binary. It is my opinion that proposing a GR to tolerate blobs when running tests is a *very* dangerous path that I would strongly recommend against. Most likely, you will not like the outcome anyways. >>> I think tools required for tests should be considered separately >>> from tools required to compile. I think it should be treated similar >>> to test data. >> >> I don't agree. > > ok, lets see how the whole project feels via a GR and settle it. I just > expressed my opinion, you expressed yours and we need to make a decision > now. Do you understand that what you're proposing is clearly against all rules we have in Debian since it's inception? We all signed-up for doing free software, and free software only, without any "tradeoff". >>> What you are proposing would require the package maintainer to adapt >>> these tests to versions available (many times with different API >>> versions) in Debian and the easier choice is disabling tests. >> >> No. I believe it's ok to have an embedded version of the JS files in the >> upstream code. This is a *very* different issue, please do not mix them. >> What I don't like is using a minified version of the JS files. That's >> *very* easy (hum... trivial?) to add a non-minified version in your >> Debian folder, and use that for tests. You don't care if running the >> tests is a little bit slower (because using a source-full version), do >> you? > > I don't think you really understand the complexities here. Building the > minified version is not just running the minifier against the non > minified code. The non minified code itself is generated using many > other tools (typescript, transpiled using babel, bundled using rollup or > webpack etc - many times the versions of these tools are very much > different versions as well). I very much understand all of this. I never contested that it's difficult. Though I'm very much contesting that the difficulty for building the binaries you're wishing to embed is a point of argumentation. The more building these blobs is hard, the more we need the source code and the recipe for building these blobs. If you believe these are needed to guarantee the final artifact's quality, then probably they are also needed for modifying upstream code too, with a good enough insurance not to break anything. And I don't agree modifying / contributing to any free software should be allowed using non-free tools. >> Best is, if you can, use the library packaged separately, in Debian, >> both for tests, and runtime. This way, you do ensure that: >> - patching Debian for security is still a thing >> - the package can run with the Debian version of the lib >> > > You are completely missing the reality here as well. I am *NOT* missing ANYTHING here. Please read carefully once more: I UNDERSTAND THE PROBLEM. :) > The runtime dependencies are already used from the packaged versions. I get that point, you already mentioned it anyways. > These vendored > libraries are used only to create specific test cases or sometimes using > alternative implementations to test the shipped code. You also wrote that before. >> If the lib are just use for tests and nothing else (ie: not for >> runtime), then back to square one: it's ok to ship t
Bug#995722: Not running tests because tests miss source code is not useful
On വെ, ഒക്ടോ 8 2021 at 10:31:16 രാവിലെ +0200 +0200, Thomas Goirand wrote: On 10/7/21 11:40 AM, Pirate Praveen wrote: On 7 October 2021 3:02:55 am IST, Thomas Goirand wrote: On 10/6/21 6:53 PM, Pirate Praveen wrote: [adding -devel] On ബു, ഒക്ടോ 6 2021 at 12:16:07 വൈകു +0200 +0200, Jonas Smedegaard wrote: Quoting Yadd (2021-10-06 11:43:40) On Lu, 04 oct 21, 16:40:48, Bastien Roucari�s wrote: > Source: src:node-lodash > Version: 4.17.21+dfsg+~cs8.31.173-1 > Severity: serious > Justification: do not compile from source > > Dear Maintainer, > > The vendor directory should be emptied > > The debug version is compiled without source (lintian warn) and moreover the > rest of file are already packaged > > grep -R vendor * gives only a few hit that could be cured by symlinking > > Bastien Hi, this files are used for test only, maybe severity could be decreased. I find the severity accurate: Relying on non-source code is a severe violation of Debian Policy, not matter the purpose of relying on it. I think we should change the policy here. Running tests helps improve the quality of the software we ship. Many times the vendored code is used to ensure the code does not break in a specific situation. I don't think reducing test coverage in such situations is really helpful. Right, running tests helps improve the quality of software we ship. Which is why you probably need to test using what's shipped in Debian rather than using a vendored source-less code. We are not shipping the source less code. You are: Debian also ships source code. I meant, not shipping in any binary package. Though as Russ mentioned in his reply. I will propose a GR. This is used only during tests. I don't think we are not gaining anything by removing tests here. Just making it harder for the package maintainer to run tests. You would not gain anything by removing tests, but you would win by making these tests completely free software. I am just saying it increases the work required to run tests and when disabling tests is an option, the incentive is to disable tests. If we rely on non-free code for tests, that's really bad too, and that must be avoided just like we're avoiding source-less code everywhere else in Debian. The policy shall not change, please. The code is not non-free here, just a specific version of a Free Software code built outside Debian. We build from source... We build the binary packages from source. I don't think it is useful to extend that to tests without considering the tradeoffs involved. I think tools required for tests should be considered separately from tools required to compile. I think it should be treated similar to test data. I don't agree. ok, lets see how the whole project feels via a GR and settle it. I just expressed my opinion, you expressed yours and we need to make a decision now. What you are proposing would require the package maintainer to adapt these tests to versions available (many times with different API versions) in Debian and the easier choice is disabling tests. No. I believe it's ok to have an embedded version of the JS files in the upstream code. This is a *very* different issue, please do not mix them. What I don't like is using a minified version of the JS files. That's *very* easy (hum... trivial?) to add a non-minified version in your Debian folder, and use that for tests. You don't care if running the tests is a little bit slower (because using a source-full version), do you? I don't think you really understand the complexities here. Building the minified version is not just running the minifier against the non minified code. The non minified code itself is generated using many other tools (typescript, transpiled using babel, bundled using rollup or webpack etc - many times the versions of these tools are very much different versions as well). However, there's this: On 10/7/21 6:17 PM, Richard Laager wrote: Running tests against vendored dependencies one isn't going to use at run-time is of limited usefulness. Best is, if you can, use the library packaged separately, in Debian, both for tests, and runtime. This way, you do ensure that: - patching Debian for security is still a thing - the package can run with the Debian version of the lib You are completely missing the reality here as well. The runtime dependencies are already used from the packaged versions. These vendored libraries are used only to create specific test cases or sometimes using alternative implementations to test the shipped code. I think it's less grave than just saying "oh, we don't care about these binary blobs, there's just for tests...". It's even worse, because by using a different version for tests and runtime, you're faking tests... See above. All runtime dependencies are packaged and used from packaged versions. In many cases the code
Bug#995722: Not running tests because tests miss source code is not useful
On 10/7/21 11:40 AM, Pirate Praveen wrote: > > > On 7 October 2021 3:02:55 am IST, Thomas Goirand wrote: >> On 10/6/21 6:53 PM, Pirate Praveen wrote: >>> [adding -devel] >>> >>> On ബു, ഒക്ടോ 6 2021 at 12:16:07 വൈകു +0200 +0200, Jonas Smedegaard >>> wrote: Quoting Yadd (2021-10-06 11:43:40) > On Lu, 04 oct 21, 16:40:48, Bastien Roucari�s wrote: > > Source: src:node-lodash > > Version: 4.17.21+dfsg+~cs8.31.173-1 > > Severity: serious > > Justification: do not compile from source > > > > Dear Maintainer, > > > > The vendor directory should be emptied > > > > The debug version is compiled without source (lintian warn) and > moreover the > > rest of file are already packaged > > > > grep -R vendor * gives only a few hit that could be cured by > symlinking > > > > Bastien > Hi, > > this files are used for test only, maybe severity could be decreased. I find the severity accurate: Relying on non-source code is a severe violation of Debian Policy, not matter the purpose of relying on it. >>> >>> I think we should change the policy here. Running tests helps improve >>> the quality of the software we ship. Many times the vendored code is >>> used to ensure the code does not break in a specific situation. I don't >>> think reducing test coverage in such situations is really helpful. >> >> Right, running tests helps improve the quality of software we ship. >> Which is why you probably need to test using what's shipped in Debian >> rather than using a vendored source-less code. > > We are not shipping the source less code. You are: Debian also ships source code. > This is used only during tests. I don't think we are not gaining anything by > removing tests here. Just making it harder for the package maintainer to run > tests. You would not gain anything by removing tests, but you would win by making these tests completely free software. >> If we rely on non-free code for tests, that's really bad too, and that >> must be avoided just like we're avoiding source-less code everywhere >> else in Debian. The policy shall not change, please. >> > > The code is not non-free here, just a specific version of a Free Software > code built outside Debian. We build from source... > I think tools required for tests should be considered separately from tools > required to compile. I think it should be treated similar to test data. I don't agree. > What you are proposing would require the package maintainer to adapt these > tests to versions available (many times with different API versions) in > Debian and the easier choice is disabling tests. No. I believe it's ok to have an embedded version of the JS files in the upstream code. This is a *very* different issue, please do not mix them. What I don't like is using a minified version of the JS files. That's *very* easy (hum... trivial?) to add a non-minified version in your Debian folder, and use that for tests. You don't care if running the tests is a little bit slower (because using a source-full version), do you? However, there's this: On 10/7/21 6:17 PM, Richard Laager wrote: > Running tests against vendored dependencies one isn't going to use at > run-time is of limited usefulness. Best is, if you can, use the library packaged separately, in Debian, both for tests, and runtime. This way, you do ensure that: - patching Debian for security is still a thing - the package can run with the Debian version of the lib I think it's less grave than just saying "oh, we don't care about these binary blobs, there's just for tests...". It's even worse, because by using a different version for tests and runtime, you're faking tests... If the lib are just use for tests and nothing else (ie: not for runtime), then back to square one: it's ok to ship the non-minified version in your debian folder, and use that for running tests. It's also super easy and fast to implement. > I think blindly applying a rule without thinking of any consequences is bad > too. I think blindly saying "oh, it's ok, it's only test things..." is a *very* dangerous path that I would like Debian to avoid. > Just because it is bad in one situation does not mean it will be bad in every > situation. We should evaluate pros and cons of each situation before making a > decision. Blind faith is more suitable for religions and not for a project > like ours. Sorry, but using free software from source is *NOT* opened for debate. If you would like to do that, choose another distribution. We all signed-up for it, when becoming DDs, this is the foundations of Debian. > I think a nocheck build profile which excludes these files from build is > sufficient to ensure we are not using these to create binary package. What's the problem with using a non-minified version of the files? It's not difficult, and it doesn't take too much of your packaging time. > This way we guarantee only pack
Bug#995722: [Pkg-javascript-devel] Bug#995722: Not running tests because tests miss source code is not useful
Le 08/10/2021 à 10:18, Thomas Goirand a écrit : > On 10/7/21 7:06 AM, Yadd wrote: >> Le 06/10/2021 à 23:32, Thomas Goirand a écrit : >>> On 10/6/21 6:53 PM, Pirate Praveen wrote: [adding -devel] On ബു, ഒക്ടോ 6 2021 at 12:16:07 വൈകു +0200 +0200, Jonas Smedegaard wrote: > Quoting Yadd (2021-10-06 11:43:40) >> On Lu, 04 oct 21, 16:40:48, Bastien Roucari�s wrote: >> > Source: src:node-lodash >> > Version: 4.17.21+dfsg+~cs8.31.173-1 >> > Severity: serious >> > Justification: do not compile from source >> > >> > Dear Maintainer, >> > >> > The vendor directory should be emptied >> > >> > The debug version is compiled without source (lintian warn) and >> moreover the >> > rest of file are already packaged >> > >> > grep -R vendor * gives only a few hit that could be cured by >> symlinking >> > >> > Bastien >> Hi, >> >> this files are used for test only, maybe severity could be decreased. > > I find the severity accurate: Relying on non-source code is a severe > violation of Debian Policy, not matter the purpose of relying on it. I think we should change the policy here. Running tests helps improve the quality of the software we ship. Many times the vendored code is used to ensure the code does not break in a specific situation. I don't think reducing test coverage in such situations is really helpful. >>> >>> Right, running tests helps improve the quality of software we ship. >>> Which is why you probably need to test using what's shipped in Debian >>> rather than using a vendored source-less code. >>> >>> If we rely on non-free code for tests, that's really bad too, and that >>> must be avoided just like we're avoiding source-less code everywhere >>> else in Debian. The policy shall not change, please. >> >> We are not talking about really-non-free code, but minified JavaScript >> code released under a free license. >> >> If we want to be strict here, there will be some excluded package: for >> example most of the softwares listed here will be excluded: >> https://lintian.debian.org/tags/embedded-javascript-library >> >> Is it what you want ? > > I would like these binaries (yes, minified JS is the same as binaries) > to be replaced by source code. Yes, that's what I want... which is not > what you're pointing at. You're pointing at packages not using Debian > version of the libraries, which is different. > > Somehow, I believe it's kind of ok if *docs* are using their own version > of these files, provided it's not a minified version. > > Cheers, > > Thomas Goirand (zigo) Take a look, most of them embed a minified version (jquery* for example)
Bug#995722: [Pkg-javascript-devel] Bug#995722: Not running tests because tests miss source code is not useful
On 10/7/21 7:06 AM, Yadd wrote: > Le 06/10/2021 à 23:32, Thomas Goirand a écrit : >> On 10/6/21 6:53 PM, Pirate Praveen wrote: >>> [adding -devel] >>> >>> On ബു, ഒക്ടോ 6 2021 at 12:16:07 വൈകു +0200 +0200, Jonas Smedegaard >>> wrote: Quoting Yadd (2021-10-06 11:43:40) > On Lu, 04 oct 21, 16:40:48, Bastien Roucari�s wrote: > > Source: src:node-lodash > > Version: 4.17.21+dfsg+~cs8.31.173-1 > > Severity: serious > > Justification: do not compile from source > > > > Dear Maintainer, > > > > The vendor directory should be emptied > > > > The debug version is compiled without source (lintian warn) and > moreover the > > rest of file are already packaged > > > > grep -R vendor * gives only a few hit that could be cured by > symlinking > > > > Bastien > Hi, > > this files are used for test only, maybe severity could be decreased. I find the severity accurate: Relying on non-source code is a severe violation of Debian Policy, not matter the purpose of relying on it. >>> >>> I think we should change the policy here. Running tests helps improve >>> the quality of the software we ship. Many times the vendored code is >>> used to ensure the code does not break in a specific situation. I don't >>> think reducing test coverage in such situations is really helpful. >> >> Right, running tests helps improve the quality of software we ship. >> Which is why you probably need to test using what's shipped in Debian >> rather than using a vendored source-less code. >> >> If we rely on non-free code for tests, that's really bad too, and that >> must be avoided just like we're avoiding source-less code everywhere >> else in Debian. The policy shall not change, please. > > We are not talking about really-non-free code, but minified JavaScript > code released under a free license. > > If we want to be strict here, there will be some excluded package: for > example most of the softwares listed here will be excluded: > https://lintian.debian.org/tags/embedded-javascript-library > > Is it what you want ? I would like these binaries (yes, minified JS is the same as binaries) to be replaced by source code. Yes, that's what I want... which is not what you're pointing at. You're pointing at packages not using Debian version of the libraries, which is different. Somehow, I believe it's kind of ok if *docs* are using their own version of these files, provided it's not a minified version. Cheers, Thomas Goirand (zigo)
Bug#995722: [Pkg-javascript-devel] Bug#995722: Not running tests because tests miss source code is not useful
Quoting Yadd (2021-10-07 07:06:42) > Le 06/10/2021 à 23:32, Thomas Goirand a écrit : >> On 10/6/21 6:53 PM, Pirate Praveen wrote: >>> On ബു, ഒക്ടോ 6 2021 at 12:16:07 വൈകു +0200 +0200, Jonas Smedegaard >>> wrote: Quoting Yadd (2021-10-06 11:43:40) > On Lu, 04 oct 21, 16:40:48, Bastien Roucari�s wrote: >> Source: src:node-lodash >> Version: 4.17.21+dfsg+~cs8.31.173-1 >> Severity: serious >> Justification: do not compile from source >> >> Dear Maintainer, >> >> The vendor directory should be emptied >> >> The debug version is compiled without source (lintian warn) and >> moreover the rest of file are already packaged >> >> grep -R vendor * gives only a few hit that could be cured by >> symlinking > this files are used for test only, maybe severity could be > decreased. I find the severity accurate: Relying on non-source code is a severe violation of Debian Policy, not matter the purpose of relying on it. >>> >>> I think we should change the policy here. Running tests helps >>> improve the quality of the software we ship. Many times the vendored >>> code is used to ensure the code does not break in a specific >>> situation. I don't think reducing test coverage in such situations >>> is really helpful. >> >> Right, running tests helps improve the quality of software we ship. >> Which is why you probably need to test using what's shipped in Debian >> rather than using a vendored source-less code. >> >> If we rely on non-free code for tests, that's really bad too, and >> that must be avoided just like we're avoiding source-less code >> everywhere else in Debian. The policy shall not change, please. > > We are not talking about really-non-free code, but minified JavaScript > code released under a free license. > > If we want to be strict here, there will be some excluded package: for > example most of the softwares listed here will be excluded: > https://lintian.debian.org/tags/embedded-javascript-library > > Is it what you want ? We all want to do most possible with Free software, and call that "main". Some of us additionally want to extend that with possibilities beyond Free software, and call that "contrib" and "non-free". We all want to be strict about using only Free software, but we do not necessarily want to throw away minified code. We often throw away upstream-generated minified code because it is an easy way to ensure that we are strictly using only Free software, but alternatives exist: One alternative is to somehow ensure that the minified code is Free software - i.e. that all source for that code exist in Debian and if source changes then we are able to generate that minified code purely from the Debian-included sources. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#995722: Not running tests because tests miss source code is not useful
On 7 October 2021 3:02:55 am IST, Thomas Goirand wrote: >On 10/6/21 6:53 PM, Pirate Praveen wrote: >> [adding -devel] >> >> On ബു, ഒക്ടോ 6 2021 at 12:16:07 വൈകു +0200 +0200, Jonas Smedegaard >> wrote: >>> Quoting Yadd (2021-10-06 11:43:40) On Lu, 04 oct 21, 16:40:48, Bastien Roucari�s wrote: > Source: src:node-lodash > Version: 4.17.21+dfsg+~cs8.31.173-1 > Severity: serious > Justification: do not compile from source > > Dear Maintainer, > > The vendor directory should be emptied > > The debug version is compiled without source (lintian warn) and moreover the > rest of file are already packaged > > grep -R vendor * gives only a few hit that could be cured by symlinking > > Bastien Hi, this files are used for test only, maybe severity could be decreased. >>> >>> I find the severity accurate: Relying on non-source code is a severe >>> violation of Debian Policy, not matter the purpose of relying on it. >> >> I think we should change the policy here. Running tests helps improve >> the quality of the software we ship. Many times the vendored code is >> used to ensure the code does not break in a specific situation. I don't >> think reducing test coverage in such situations is really helpful. > >Right, running tests helps improve the quality of software we ship. >Which is why you probably need to test using what's shipped in Debian >rather than using a vendored source-less code. We are not shipping the source less code. This is used only during tests. I don't think we are not gaining anything by removing tests here. Just making it harder for the package maintainer to run tests. >If we rely on non-free code for tests, that's really bad too, and that >must be avoided just like we're avoiding source-less code everywhere >else in Debian. The policy shall not change, please. > The code is not non-free here, just a specific version of a Free Software code built outside Debian. I think tools required for tests should be considered separately from tools required to compile. I think it should be treated similar to test data. What you are proposing would require the package maintainer to adapt these tests to versions available (many times with different API versions) in Debian and the easier choice is disabling tests. I think blindly applying a rule without thinking of any consequences is bad too. Just because it is bad in one situation does not mean it will be bad in every situation. We should evaluate pros and cons of each situation before making a decision. Blind faith is more suitable for religions and not for a project like ours. I think a nocheck build profile which excludes these files from build is sufficient to ensure we are not using these to create binary package. This way we guarantee only packages in main is used to generate the binary, but still allows to run tests optionally making it easy to find problems, especially during transitions. Currently when tests are missing transitions are harder because we can't find breakages easily since tests are disabled. The current policy is not making Debian better. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Bug#995722: [Pkg-javascript-devel] Bug#995722: Not running tests because tests miss source code is not useful
Le 06/10/2021 à 23:32, Thomas Goirand a écrit : > On 10/6/21 6:53 PM, Pirate Praveen wrote: >> [adding -devel] >> >> On ബു, ഒക്ടോ 6 2021 at 12:16:07 വൈകു +0200 +0200, Jonas Smedegaard >> wrote: >>> Quoting Yadd (2021-10-06 11:43:40) On Lu, 04 oct 21, 16:40:48, Bastien Roucari�s wrote: > Source: src:node-lodash > Version: 4.17.21+dfsg+~cs8.31.173-1 > Severity: serious > Justification: do not compile from source > > Dear Maintainer, > > The vendor directory should be emptied > > The debug version is compiled without source (lintian warn) and moreover the > rest of file are already packaged > > grep -R vendor * gives only a few hit that could be cured by symlinking > > Bastien Hi, this files are used for test only, maybe severity could be decreased. >>> >>> I find the severity accurate: Relying on non-source code is a severe >>> violation of Debian Policy, not matter the purpose of relying on it. >> >> I think we should change the policy here. Running tests helps improve >> the quality of the software we ship. Many times the vendored code is >> used to ensure the code does not break in a specific situation. I don't >> think reducing test coverage in such situations is really helpful. > > Right, running tests helps improve the quality of software we ship. > Which is why you probably need to test using what's shipped in Debian > rather than using a vendored source-less code. > > If we rely on non-free code for tests, that's really bad too, and that > must be avoided just like we're avoiding source-less code everywhere > else in Debian. The policy shall not change, please. We are not talking about really-non-free code, but minified JavaScript code released under a free license. If we want to be strict here, there will be some excluded package: for example most of the softwares listed here will be excluded: https://lintian.debian.org/tags/embedded-javascript-library Is it what you want ?
Bug#995722: Not running tests because tests miss source code is not useful
On 10/6/21 6:53 PM, Pirate Praveen wrote: > [adding -devel] > > On ബു, ഒക്ടോ 6 2021 at 12:16:07 വൈകു +0200 +0200, Jonas Smedegaard > wrote: >> Quoting Yadd (2021-10-06 11:43:40) >>> On Lu, 04 oct 21, 16:40:48, Bastien Roucari�s wrote: >>> > Source: src:node-lodash >>> > Version: 4.17.21+dfsg+~cs8.31.173-1 >>> > Severity: serious >>> > Justification: do not compile from source >>> > >>> > Dear Maintainer, >>> > >>> > The vendor directory should be emptied >>> > >>> > The debug version is compiled without source (lintian warn) and >>> moreover the >>> > rest of file are already packaged >>> > >>> > grep -R vendor * gives only a few hit that could be cured by >>> symlinking >>> > >>> > Bastien >>> Hi, >>> >>> this files are used for test only, maybe severity could be decreased. >> >> I find the severity accurate: Relying on non-source code is a severe >> violation of Debian Policy, not matter the purpose of relying on it. > > I think we should change the policy here. Running tests helps improve > the quality of the software we ship. Many times the vendored code is > used to ensure the code does not break in a specific situation. I don't > think reducing test coverage in such situations is really helpful. Right, running tests helps improve the quality of software we ship. Which is why you probably need to test using what's shipped in Debian rather than using a vendored source-less code. If we rely on non-free code for tests, that's really bad too, and that must be avoided just like we're avoiding source-less code everywhere else in Debian. The policy shall not change, please. Cheers, Thomas Goirand (zigo)
Bug#995722: Not running tests because tests miss source code is not useful
[adding -devel] On ബു, ഒക്ടോ 6 2021 at 12:16:07 വൈകു +0200 +0200, Jonas Smedegaard wrote: Quoting Yadd (2021-10-06 11:43:40) On Lu, 04 oct 21, 16:40:48, Bastien Roucari�s wrote: > Source: src:node-lodash > Version: 4.17.21+dfsg+~cs8.31.173-1 > Severity: serious > Justification: do not compile from source > > Dear Maintainer, > > The vendor directory should be emptied > > The debug version is compiled without source (lintian warn) and moreover the > rest of file are already packaged > > grep -R vendor * gives only a few hit that could be cured by symlinking > > Bastien Hi, this files are used for test only, maybe severity could be decreased. I find the severity accurate: Relying on non-source code is a severe violation of Debian Policy, not matter the purpose of relying on it. I think we should change the policy here. Running tests helps improve the quality of the software we ship. Many times the vendored code is used to ensure the code does not break in a specific situation. I don't think reducing test coverage in such situations is really helpful.
