-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Oct 21, 2016 at 07:26:43AM +0200, Vincent Bernat wrote:
> It would be as easy for the security team to modify the unminified version
> than the "upper" upstream version of the source.
The release team has just decided that "browserified"
Scott Kitterman writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff
(knot-resolver-module-http: please package embedded epoch.js separately)"):
> It would be nice if the language police could give it a rest.
> Personally, I don't see that as being significantl
Quoting Vincent Bernat (2016-10-21 07:26:43)
> ❦ 21 octobre 2016 00:20 +0200, Joerg Jaspert :
>
>>> #!/bin/sh
>>> # I absolutely new nothing about gulp, coffeescript, sass and uglify 15
>>> minutes ago...
>>> [...]
>>> If you insist I can add build.sh script to the
❦ 21 octobre 2016 00:20 +0200, Joerg Jaspert :
>> #!/bin/sh
>> # I absolutely new nothing about gulp, coffeescript, sass and uglify 15
>> minutes ago...
>> [...]
>> If you insist I can add build.sh script to the missing-source, but
>
> No, you do not put it in missing-source
On Fri, Oct 21, 2016, at 00:20, Joerg Jaspert wrote:
> On 14466 March 1977, Ondřej Surý wrote:
>
> > to stop you from bickering on and on, the build script can be
> > reconstructed
> > just from reading gulpfile.js and would consist of installing ruby-sass,
> > coffeescript and node-uglify and
Ondřej Surý writes:
> Gentlemen (arguing over and over) and ladies (watching this thread),
Can we not characterise entire genders inaccurately, please? Preferably,
not at all, since it seems entirely irrelevant to the discussion.
--
\ “To punish me for my contempt of
On October 20, 2016 7:15:45 PM EDT, Ian Jackson
<ijack...@chiark.greenend.org.uk> wrote:
>Joerg Jaspert writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified"
>stuff (knot-resolver-module-http: please package embedded epoch.js
>separately)"):
>&g
Joerg Jaspert writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff
(knot-resolver-module-http: please package embedded epoch.js separately)"):
> On 14466 March 1977, Ondřej Surý wrote:
> > If you insist I can add build.sh script to the missing-source
On 14466 March 1977, Ondřej Surý wrote:
> to stop you from bickering on and on, the build script can be
> reconstructed
> just from reading gulpfile.js and would consist of installing ruby-sass,
> coffeescript and node-uglify and running:
> #!/bin/sh
> # I absolutely new nothing about gulp,
Quoting Ian Jackson (2016-10-20 17:45:54)
> Ondřej Surý writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff
> (knot-resolver-module-http: please package embedded epoch.js separately)"):
> > Gentlemen (arguing over and over) and ladies (watching this t
Quoting Scott Kitterman (2016-10-20 16:35:22)
> On Thursday, October 20, 2016 04:06:10 PM Jonas Smedegaard wrote:
> > Quoting Ondřej Surý (2016-10-20 15:48:08)
> >
> > > to stop you from bickering on and on, the build script can be
> > > reconstructed just from reading gulpfile.js and would
Ondřej Surý writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff
(knot-resolver-module-http: please package embedded epoch.js separately)"):
> Gentlemen (arguing over and over) and ladies (watching this thread),
>
> [as code speaks more than words...]
&g
On Thursday, October 20, 2016 04:06:10 PM Jonas Smedegaard wrote:
> Quoting Ondřej Surý (2016-10-20 15:48:08)
>
> > to stop you from bickering on and on, the build script can be
> > reconstructed just from reading gulpfile.js and would consist of
>
> > installing ruby-sass, coffeescript and
Quoting Ondřej Surý (2016-10-20 15:48:08)
> to stop you from bickering on and on, the build script can be
> reconstructed just from reading gulpfile.js and would consist of
> installing ruby-sass, coffeescript and node-uglify and running:
Fine.
Now, to get back to the original dispute whether
Gentlemen (arguing over and over) and ladies (watching this thread),
[as code speaks more than words...]
to stop you from bickering on and on, the build script can be
reconstructed
just from reading gulpfile.js and would consist of installing ruby-sass,
coffeescript and node-uglify and running:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Oct 19, 2016 at 09:07:26AM +0200, Vincent Bernat wrote:
> gulp is just a glorified make and doesn't compile anything on its own.
If make wouldn't be in main, any program using it in its build process would
also not be allowed in main. The
❦ 14 octobre 2016 10:49 +0200, "W. Martin Borgert" :
> Let's say I need a special tool to compile it, e.g.
> bison-priscus, and I don't want to package it for Debian?
[...]
>> No. You as the maintainer have to guarantee that the file is
>> buildable with tools available
>> On 14458 March 1977, W. Martin Borgert wrote:
>> > If I package a compiler and put y.tab.c in the package, drop
>> > grammar.y in d/m-s/, would it be OK or not?
>> If you come up with a good reason for it, yes. But I doubt you would
>> find one here.
> Let's say I need a special tool to compile
Mike Hommey:
> On Thu, Oct 13, 2016 at 05:48:00AM +, Niels Thykier wrote:
>> [...]
>> This should happen on its own as people convert their packages to
>> debhelper compat 10.
>
> which is not possible for everyone who cares about backporting their
> packages.
>
> Mike
>
FTR,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Oct 14, 2016 at 10:49:06AM +0200, W. Martin Borgert wrote:
> On 2016-10-13 22:39, Joerg Jaspert wrote:
> > On 14458 March 1977, W. Martin Borgert wrote:
> > > If I package a compiler and put y.tab.c in the package, drop
> > > grammar.y in
On 2016-10-13 22:39, Joerg Jaspert wrote:
> On 14458 March 1977, W. Martin Borgert wrote:
> > If I package a compiler and put y.tab.c in the package, drop
> > grammar.y in d/m-s/, would it be OK or not?
>
> If you come up with a good reason for it, yes. But I doubt you would
> find one here.
On 14458 March 1977, W. Martin Borgert wrote:
>> Dunno. It would be great if the line wasn't challenged just to prove a
>> point
> I don't think tincho nor myself want to challenge a line, we
> would like to know where it is :~)
> If I package a compiler and put y.tab.c in the package, drop
>
On 10/13/2016 08:03 AM, Mike Hommey wrote:
> On Thu, Oct 13, 2016 at 05:48:00AM +, Niels Thykier wrote:
>> W. Martin Borgert:
>>> On 2016-10-12 21:41, Vincent Bernat wrote:
❦ 12 octobre 2016 18:54 CEST, Martín Ferrari :
> I had always understood that rebuilding
On Thu, Oct 13, 2016 at 05:48:00AM +, Niels Thykier wrote:
> W. Martin Borgert:
> > On 2016-10-12 21:41, Vincent Bernat wrote:
> >> ❦ 12 octobre 2016 18:54 CEST, Martín Ferrari :
> >>> I had always understood that rebuilding from source was a hard
> >>> requirement. Is
❦ 12 octobre 2016 23:27 CEST, "W. Martin Borgert" :
> If I package a compiler and put y.tab.c in the package, drop
> grammar.y in d/m-s/, would it be OK or not? If I don't even
> check that bison actually can process the file, would it
> still be OK?
I can't say for sure
W. Martin Borgert:
> On 2016-10-12 21:41, Vincent Bernat wrote:
>> ❦ 12 octobre 2016 18:54 CEST, Martín Ferrari :
>>> I had always understood that rebuilding from source was a hard
>>> requirement. Is this not the case any more?
>>
>> This has never been the case. Since the
On Thu, Oct 13, 2016 at 6:16 AM, Ben Finney wrote:
> How will we know that those are the corresponding source for the work
> Debian installs?
The maintainer could have verified it before uploading.
> One way is to actually use that exact source, to build the package.
That is the only realistic
"W. Martin Borgert" writes:
> There are some packages, that currently have only generated JS files
> without the original sources (not only SASS and CoffeeScript, but also
> large JS libraries, that are bundled from many source files), which
> seems not in line with DFSG.
>
>
On 2016-10-12 21:41, Vincent Bernat wrote:
> ❦ 12 octobre 2016 18:54 CEST, Martín Ferrari :
> > I had always understood that rebuilding from source was a hard
> > requirement. Is this not the case any more?
>
> This has never been the case. Since the beginning, there was no
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, Oct 12, 2016 at 10:09:12PM +0200, Martín Ferrari wrote:
> On 12/10/16 21:41, Vincent Bernat wrote:
> >> I don't think that shipping a binary compiled upstream should be
> >> allowed, so where's the line drawn?
Technically it would be allowed,
On 12/10/16 21:41, Vincent Bernat wrote:
>> I don't think that shipping a binary compiled upstream should be
>> allowed, so where's the line drawn?
>
> Dunno. It would be great if the line wasn't challenged just to prove a
> point and eject a lot of packages from main while DFSG#2 is correctly
>
❦ 12 octobre 2016 18:54 CEST, Martín Ferrari :
> I might have forgotten some important parts, or I missed the
> announcements when I was inactive for a while. But I am confused by
> these 2 statements, and would love to get some pointers to learn more:
>
>
>> On 2016-10-11
I might have forgotten some important parts, or I missed the
announcements when I was inactive for a while. But I am confused by
these 2 statements, and would love to get some pointers to learn more:
> On 2016-10-11 15:28, Vincent Bernat wrote:
>> Those specific sources are buildable from tools
On 2016-10-11 15:28, Vincent Bernat wrote:
> Those specific sources are buildable from tools in main (aka
> coffeescript compiler, sass compiler, cat + uglifyjs). There is no hard
> requirement to rebuild from source when building the package.
(While I wonder how one can be sure that a software
❦ 11 octobre 2016 15:03 CEST, Paul Wise :
>> Fine, I'll bundle them as well.
>
> Bundling the actual source instead of prebuilt files still doesn't
> solve the problem of not being able to build from source because the
> build tools are missing from Debian.
Those specific
On Tue, Oct 11, 2016 at 8:56 PM, Ondřej Surý wrote:
> Fine, I'll bundle them as well.
Bundling the actual source instead of prebuilt files still doesn't
solve the problem of not being able to build from source because the
build tools are missing from Debian. It has always been ftp-master
policy
Fine, I'll bundle them as well. Just don't make me maintain a package in
a language more horrible than PHP (in my eyes :-P).
O.
--
Ondřej Surý
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Knot Resolver (https://www.knot-resolver.cz/) – secure,
On Tue, Oct 11, 2016 at 8:30 PM, Ondřej Surý wrote:
> Anybody is free to package epoch.js into separate package and I'll
> switch to using it, just don't shove more work by using BTS severities.
epoch.js upstream publishes their build info, so it looks like the
first step would be to finish the
On Tue, Oct 11, 2016 at 8:30 PM, Ondřej Surý wrote:
> Definitely not serious here, as I do ship original sources from within
> the package:
>
> $ find . -name 'epoch*'
> ./modules/http/static/epoch.css
> ./modules/http/static/epoch.js
> ./debian/missing-sources/epoch.css
>
Control: severity -1 wishlist
Definitely not serious here, as I do ship original sources from within
the package:
$ find . -name 'epoch*'
./modules/http/static/epoch.css
./modules/http/static/epoch.js
./debian/missing-sources/epoch.css
./debian/missing-sources/epoch.js
Anybody is free to
40 matches
Mail list logo