I also disagree with the assessment of "wontfix". The ABI incompatibility with upstream is not just "regrettable", but an actual bug. It's not supported behaviour; it's an undocumented ABI deviation, and as soon as upstream became aware of it, they filed an issue. The SRU policy states that it covers:
> Bugs which represent severe regressions from the previous release of Ubuntu. Breaking the ABI contract that the rest of the NodeJS ecosystem relies on when the previous LTS did not represents a severe regression, IMO. Debian (and by proxy Ubuntu) did not make clear to end users that we were not honouring upstream ABI compatibility with this package when we chose to link against an incompatible OpenSSL. Users typically have a default expectation of compatibility unless clearly stated otherwise. Python wheels are compatible with distro Pythons; why wouldn't compiled node extensions be compatible with distro node? In my experience, many users don't even know there's a difference between the upstream and apt versions! Because ABI incompatibility is subtle and difficult for end users to diagnose, it is even more important that we get this addressed in Ubuntu rather than expecting users to work around us. The SRU policy recognizes this: "Users of the official release ... are less experienced with Ubuntu and with Linux, and expect a reliable system which does not require their intervention." In this case, users would need to uninstall the distro nodejs and figure out how to use upstream instead to work around the incompatibility, which constitutes a lot of extra friction. The majority use case is "I want to `apt-get install node` and `npm install` my deps", and I don't know why we should break those users in favour of ABI compat for the people building their native dependencies against the Ubuntu node ABI, if such users even exist. nodejs/node- gyp#1415 seems to suggest they don't. The fact that no bugs have been filed against Debian or Ubuntu about native dependencies failing to compile due to said bug is stronger evidence that users aren't doing this. I think the downside is much greater in not patching. At minimum, we have a responsibility to make sure end users are aware of this issue. Can we make sure to include a NEWS.Debian file? Are there other appropriate channels? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1779863 Title: Ubuntu nodejs package isn't ABI compatible with mainline nodejs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1779863/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
