Re: [Pkg-javascript-devel] JavaScript policy?
Le 22/03/2014 12:37, David Prévot a écrit : Le 22/03/2014 05:33, Emilien Klein a écrit : On 03/21/2014 11:22 PM, François-Régis wrote: Le 21/03/2014 07:45, Emilien Klein a écrit : We may have something like : * Origin tarball should not include any minify code. Maybe there is a missing “sourceless” here: it’s perfectly fine for a source package to embed a convenient binary/prebuilt copy, as long as it is not used in the binary package, but instead rebuild it from source and ships the rebuilt version. In order not to make minified JavaScript any different, the first point should read: * Origin tarball should not include any sourceless minified code. This is exactly not what Marcelo said in [0] and its reference to [1] shows that he removes minifies files from origin tarball althought they have source files. [0] http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/2014-March/007176.html [1] http://anonscm.debian.org/gitweb/?p=pkg-javascript/flot.git;a=blob;f=debian/rules;h=83670cf0ec4aaec4817d6f2eb68d0756d85ac553;hb=HEAD Regarding the removal of the minified files: that is done to comply with the DFSG, as minified files are assimilated to compiled objects, not source code. As Debian requires the source to be provided, not the compiled binaries, the minified files must be removed fromt the upstream tarball. Again, only if the source is not provided. An alternative in case upstream provides sourceless minified JavaScript in their tarball, would be to ship the source (e.g., dug up from their source repository, or from JQuery) inside the debian directory, and rebuild it for (or do nothing if it isn’t shipped in) the binary package: it can save a repack. I may be wrong but perhaps providing minified files in source tarball (which are considered as binary files) is DFSG compliant providing we have the sources, but debian policy is to exclude them from sources. Alternatively, the Excluded-Files feature of uscan(1) can do it for you. Of course it could. -- François-Régis signature.asc Description: OpenPGP digital signature ___ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] JavaScript policy?
Hi François-Régis,
I may be wrong but perhaps providing minified files in source tarball
(which are considered as binary files) is DFSG compliant providing we
have the sources, but debian policy is to exclude them from sources.
Can you please be specific about what (point of) debian policy are you
referring to? The Developers Reference, on the contrary, advises to keep
useless but DFSG-compliant files: A repackaged .orig.tar.{gz,bz2,xz} [
]
should, except where impossible for legal reasons, preserve the entire
building and portablility infrastructure provided by the upstream author.
For example, it is not a sufficient reason for omitting a file that it is
used only when building on MS-DOS. Similarly, a Makefile provided by
upstream should not be omitted even if the first thing your debian/rules
does is to overwrite it by running a configure script.
https://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.html#repackagedorigtargz
Regards
David
___
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] JavaScript policy?
Quoting François-Régis (2014-03-25 01:07:20) Le 22/03/2014 12:37, David Prévot a écrit : Le 22/03/2014 05:33, Emilien Klein a écrit : On 03/21/2014 11:22 PM, François-Régis wrote: Le 21/03/2014 07:45, Emilien Klein a écrit : We may have something like : * Origin tarball should not include any minify code. Maybe there is a missing “sourceless” here: it’s perfectly fine for a source package to embed a convenient binary/prebuilt copy, as long as it is not used in the binary package, but instead rebuild it from source and ships the rebuilt version. In order not to make minified JavaScript any different, the first point should read: * Origin tarball should not include any sourceless minified code. I find that a sensible change to our Policy. But that does *not* mean that a non-minified Javascript file and a minified one in same tarball can blindly be assumed to be code-identical: You would still need to actually prove that somehow - e.g. by (re-)minifying both! This is exactly not what Marcelo said in [0] and its reference to [1] shows that he removes minifies files from origin tarball althought they have source files. [0] http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/2014-March/007176.html [1] http://anonscm.debian.org/gitweb/?p=pkg-javascript/flot.git;a=blob;f=debian/rules;h=83670cf0ec4aaec4817d6f2eb68d0756d85ac553;hb=HEAD I don't understand what point you are trying to make: Even with above change to our Policy, it is still very valid to continue to repackage tarballs stripping suspect code instead of the more tedious task of proving that they are indeed acceptable for us to redistribute. - Jonas -- * Jonas Smedegaard - idealist Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature ___ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
Re: [Pkg-javascript-devel] JavaScript policy?
David Prévot da...@tilapin.org writes: Hi François-Régis, I may be wrong but perhaps providing minified files in source tarball (which are considered as binary files) is DFSG compliant providing we have the sources, but debian policy is to exclude them from sources. Can you please be specific about what (point of) “debian policy” are you referring to? I think the policy referred to there is not Debian Policy, but the policy of the FTP-master team. The Developers’ Reference, on the contrary, advises to keep useless but DFSG-compliant files: Note that the section you quote is explicitly limited to unused *build infrastructure*, i.e. files that comprise tools needed for changing and building from the source package. That does not match compiled (minified) JavaScript files, which are clearly not part of the build infrastructure – they are the *end product* of a build, and hence not part of the source. -- \ “We can't depend for the long run on distinguishing one | `\ bitstream from another in order to figure out which rules | _o__) apply.” —Eben Moglen, _Anarchism Triumphant_, 1999 | Ben Finney ___ Pkg-javascript-devel mailing list Pkg-javascript-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
