Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Oct 21, 2016 at 07:26:43AM +0200, Vincent Bernat wrote: > It would be as easy for the security team to modify the unminified version > than the "upper" upstream version of the source. The release team has just decided that "browserified"

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Scott Kitterman writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)"): > It would be nice if the language police could give it a rest. > Personally, I don't see that as being significantl

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Quoting Vincent Bernat (2016-10-21 07:26:43) > ❦ 21 octobre 2016 00:20 +0200, Joerg Jaspert  : > >>> #!/bin/sh >>> # I absolutely new nothing about gulp, coffeescript, sass and uglify 15 >>> minutes ago... >>> [...] >>> If you insist I can add build.sh script to the

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

❦ 21 octobre 2016 00:20 +0200, Joerg Jaspert  : >> #!/bin/sh >> # I absolutely new nothing about gulp, coffeescript, sass and uglify 15 >> minutes ago... >> [...] >> If you insist I can add build.sh script to the missing-source, but > > No, you do not put it in missing-source

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On Fri, Oct 21, 2016, at 00:20, Joerg Jaspert wrote: > On 14466 March 1977, Ondřej Surý wrote: > > > to stop you from bickering on and on, the build script can be > > reconstructed > > just from reading gulpfile.js and would consist of installing ruby-sass, > > coffeescript and node-uglify and

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Ondřej Surý writes: > Gentlemen (arguing over and over) and ladies (watching this thread), Can we not characterise entire genders inaccurately, please? Preferably, not at all, since it seems entirely irrelevant to the discussion. -- \ “To punish me for my contempt of

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On October 20, 2016 7:15:45 PM EDT, Ian Jackson <ijack...@chiark.greenend.org.uk> wrote: >Joerg Jaspert writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" >stuff (knot-resolver-module-http: please package embedded epoch.js >separately)"): >&g

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Joerg Jaspert writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)"): > On 14466 March 1977, Ondřej Surý wrote: > > If you insist I can add build.sh script to the missing-source

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On 14466 March 1977, Ondřej Surý wrote: > to stop you from bickering on and on, the build script can be > reconstructed > just from reading gulpfile.js and would consist of installing ruby-sass, > coffeescript and node-uglify and running: > #!/bin/sh > # I absolutely new nothing about gulp,

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Quoting Ian Jackson (2016-10-20 17:45:54) > Ondřej Surý writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff > (knot-resolver-module-http: please package embedded epoch.js separately)"): > > Gentlemen (arguing over and over) and ladies (watching this t

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Quoting Scott Kitterman (2016-10-20 16:35:22) > On Thursday, October 20, 2016 04:06:10 PM Jonas Smedegaard wrote: > > Quoting Ondřej Surý (2016-10-20 15:48:08) > > > > > to stop you from bickering on and on, the build script can be > > > reconstructed just from reading gulpfile.js and would

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Ondřej Surý writes ("Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)"): > Gentlemen (arguing over and over) and ladies (watching this thread), > > [as code speaks more than words...] &g

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On Thursday, October 20, 2016 04:06:10 PM Jonas Smedegaard wrote: > Quoting Ondřej Surý (2016-10-20 15:48:08) > > > to stop you from bickering on and on, the build script can be > > reconstructed just from reading gulpfile.js and would consist of > > > installing ruby-sass, coffeescript and

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Quoting Ondřej Surý (2016-10-20 15:48:08) > to stop you from bickering on and on, the build script can be > reconstructed just from reading gulpfile.js and would consist of > installing ruby-sass, coffeescript and node-uglify and running: Fine. Now, to get back to the original dispute whether

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Gentlemen (arguing over and over) and ladies (watching this thread), [as code speaks more than words...] to stop you from bickering on and on, the build script can be reconstructed just from reading gulpfile.js and would consist of installing ruby-sass, coffeescript and node-uglify and running:

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Oct 19, 2016 at 09:07:26AM +0200, Vincent Bernat wrote: > gulp is just a glorified make and doesn't compile anything on its own. If make wouldn't be in main, any program using it in its build process would also not be allowed in main. The

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

❦ 14 octobre 2016 10:49 +0200, "W. Martin Borgert"  : > Let's say I need a special tool to compile it, e.g. > bison-priscus, and I don't want to package it for Debian? [...] >> No. You as the maintainer have to guarantee that the file is >> buildable with tools available

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

>> On 14458 March 1977, W. Martin Borgert wrote: >> > If I package a compiler and put y.tab.c in the package, drop >> > grammar.y in d/m-s/, would it be OK or not? >> If you come up with a good reason for it, yes. But I doubt you would >> find one here. > Let's say I need a special tool to compile

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Mike Hommey: > On Thu, Oct 13, 2016 at 05:48:00AM +, Niels Thykier wrote: >> [...] >> This should happen on its own as people convert their packages to >> debhelper compat 10. > > which is not possible for everyone who cares about backporting their > packages. > > Mike > FTR,

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Oct 14, 2016 at 10:49:06AM +0200, W. Martin Borgert wrote: > On 2016-10-13 22:39, Joerg Jaspert wrote: > > On 14458 March 1977, W. Martin Borgert wrote: > > > If I package a compiler and put y.tab.c in the package, drop > > > grammar.y in

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On 2016-10-13 22:39, Joerg Jaspert wrote: > On 14458 March 1977, W. Martin Borgert wrote: > > If I package a compiler and put y.tab.c in the package, drop > > grammar.y in d/m-s/, would it be OK or not? > > If you come up with a good reason for it, yes. But I doubt you would > find one here.

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On 14458 March 1977, W. Martin Borgert wrote: >> Dunno. It would be great if the line wasn't challenged just to prove a >> point > I don't think tincho nor myself want to challenge a line, we > would like to know where it is :~) > If I package a compiler and put y.tab.c in the package, drop >

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On 10/13/2016 08:03 AM, Mike Hommey wrote: > On Thu, Oct 13, 2016 at 05:48:00AM +, Niels Thykier wrote: >> W. Martin Borgert: >>> On 2016-10-12 21:41, Vincent Bernat wrote: ❦ 12 octobre 2016 18:54 CEST, Martín Ferrari : > I had always understood that rebuilding

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On Thu, Oct 13, 2016 at 05:48:00AM +, Niels Thykier wrote: > W. Martin Borgert: > > On 2016-10-12 21:41, Vincent Bernat wrote: > >> ❦ 12 octobre 2016 18:54 CEST, Martín Ferrari : > >>> I had always understood that rebuilding from source was a hard > >>> requirement. Is

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

❦ 12 octobre 2016 23:27 CEST, "W. Martin Borgert"  : > If I package a compiler and put y.tab.c in the package, drop > grammar.y in d/m-s/, would it be OK or not? If I don't even > check that bison actually can process the file, would it > still be OK? I can't say for sure

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

W. Martin Borgert: > On 2016-10-12 21:41, Vincent Bernat wrote: >> ❦ 12 octobre 2016 18:54 CEST, Martín Ferrari : >>> I had always understood that rebuilding from source was a hard >>> requirement. Is this not the case any more? >> >> This has never been the case. Since the

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On Thu, Oct 13, 2016 at 6:16 AM, Ben Finney wrote: > How will we know that those are the corresponding source for the work > Debian installs? The maintainer could have verified it before uploading. > One way is to actually use that exact source, to build the package. That is the only realistic

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

"W. Martin Borgert" writes: > There are some packages, that currently have only generated JS files > without the original sources (not only SASS and CoffeeScript, but also > large JS libraries, that are bundled from many source files), which > seems not in line with DFSG. > >

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On 2016-10-12 21:41, Vincent Bernat wrote: > ❦ 12 octobre 2016 18:54 CEST, Martín Ferrari  : > > I had always understood that rebuilding from source was a hard > > requirement. Is this not the case any more? > > This has never been the case. Since the beginning, there was no >

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Oct 12, 2016 at 10:09:12PM +0200, Martín Ferrari wrote: > On 12/10/16 21:41, Vincent Bernat wrote: > >> I don't think that shipping a binary compiled upstream should be > >> allowed, so where's the line drawn? Technically it would be allowed,

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On 12/10/16 21:41, Vincent Bernat wrote: >> I don't think that shipping a binary compiled upstream should be >> allowed, so where's the line drawn? > > Dunno. It would be great if the line wasn't challenged just to prove a > point and eject a lot of packages from main while DFSG#2 is correctly >

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

❦ 12 octobre 2016 18:54 CEST, Martín Ferrari  : > I might have forgotten some important parts, or I missed the > announcements when I was inactive for a while. But I am confused by > these 2 statements, and would love to get some pointers to learn more: > > >> On 2016-10-11

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

I might have forgotten some important parts, or I missed the announcements when I was inactive for a while. But I am confused by these 2 statements, and would love to get some pointers to learn more: > On 2016-10-11 15:28, Vincent Bernat wrote: >> Those specific sources are buildable from tools

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On 2016-10-11 15:28, Vincent Bernat wrote: > Those specific sources are buildable from tools in main (aka > coffeescript compiler, sass compiler, cat + uglifyjs). There is no hard > requirement to rebuild from source when building the package. (While I wonder how one can be sure that a software

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

❦ 11 octobre 2016 15:03 CEST, Paul Wise  : >> Fine, I'll bundle them as well. > > Bundling the actual source instead of prebuilt files still doesn't > solve the problem of not being able to build from source because the > build tools are missing from Debian. Those specific

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On Tue, Oct 11, 2016 at 8:56 PM, Ondřej Surý wrote: > Fine, I'll bundle them as well. Bundling the actual source instead of prebuilt files still doesn't solve the problem of not being able to build from source because the build tools are missing from Debian. It has always been ftp-master policy

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Fine, I'll bundle them as well. Just don't make me maintain a package in a language more horrible than PHP (in my eyes :-P). O. -- Ondřej Surý Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure,

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On Tue, Oct 11, 2016 at 8:30 PM, Ondřej Surý wrote: > Anybody is free to package epoch.js into separate package and I'll > switch to using it, just don't shove more work by using BTS severities. epoch.js upstream publishes their build info, so it looks like the first step would be to finish the

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

On Tue, Oct 11, 2016 at 8:30 PM, Ondřej Surý wrote: > Definitely not serious here, as I do ship original sources from within > the package: > > $ find . -name 'epoch*' > ./modules/http/static/epoch.css > ./modules/http/static/epoch.js > ./debian/missing-sources/epoch.css >

Re: [Pkg-dns-devel] Bug#833309: "Browserified" stuff (knot-resolver-module-http: please package embedded epoch.js separately)

Control: severity -1 wishlist Definitely not serious here, as I do ship original sources from within the package: $ find . -name 'epoch*' ./modules/http/static/epoch.css ./modules/http/static/epoch.js ./debian/missing-sources/epoch.css ./debian/missing-sources/epoch.js Anybody is free to