jerry at edagames.com
Thu Oct 13 22:39:46 UTC 2011
On 13/10/2011 19:14, Jonas Smedegaard wrote:
> On 11-10-13 at 02:41pm, Jérémy Lal wrote:
>> On 13/10/2011 14:11, Jonas Smedegaard wrote:
>>> Worse: Source contains a binary executable. Even though the
>>> accompanying notes state that the source is DFSG-free, but said
>>> sources are not included and we cannot know for sure if they are in
>>> fact used. Also it is statically linked which means it pulls in code
>>> from other sources which is certainly not available. Package should
>>> be repackaged with deps/ subdir stripped.
>> Indeed, repackaging is not an option.
> _not_ an option?!? I suspect that was a negation typo...
I meant in that case where we have that suspicious binary in deps/
not the general case, of course.
>>> Non-free TrueType font Gubblebum Blocky is included below html/*/.
>> I agree on simply removing the font file, it won't hurt.
>>> Also, all that documentation below html/ sems autogenerated using
>>> ronnjs. So probably html/ should be stripped and instead generated
>>> at build time (with options to avoid that non-free font as needed).
>> Actually it's html and man pages that are generated from markdown
>> using ronnjs.
> Yes, that's what I meant above: Source is the markdown files - the html
> files shipped upstream is generated code which preferrably we should not
> consume but regenerate.
>> And i'm the upstream developer of ronnjs. But i have no time left
>> right now to take care of packaging it. Later ?
> Oh, you are upstream. Cool!
> I would actually recommend to try find someone else to package your code
> since you are upstream - to ensure a minimum of code review.
> I am pretty busy at the moment: take-off monday of a 3-month journey in
> Asia: http://wiki.jones.dk/DebianAsia2011
Cool. Send picture :)
> Since Node packages are often pretty simple to package and maintain, I
> will try find some helpers for it on my journey. I am also a candidate
That'd be nice. Ronnjs depends itself on two other modules (opts, markdown).
>> Also, even if there generated at build time, they are not supposed to
>> be removed from tarball, for no DFSG reason.
> Source repackaging is generally allowed. Ideally upstream tarball is
> sane, and then we should preserve it as-is to ease e.g. SHA-1 checksum
> verification across distros. But when we do mess with source due to
> DFSG violations, we can just as well clean up other things, e.g.
> superfluous autogenerated code or superfluous convenience copies of
> source better provided as separate packages.
I agree that removing html/ and man/ is all right,
and slightly disagree about node_modules : without them the orig tarball is
useless, but apparently not against policy 22.214.171.124.
It will save much time to exclude it, so ok.
>>> I notice a link to a youtube video in the regression tests. Not
>>> sure, but if any regression tests go online during build, they
>>> should be disabled or patched to not do so.
>> I did not run the tests yet, so i don't know if it's possible to run
>> them during the build. I'd prefer doing that step later, too.
> It was just a vague suspicion, so no concrete action needed - so let's
> just keep it in mind. :-)
>> Do you agree on excluding :
>> * deps/
>> * html/*/GubbleBum-Blocky.ttf
> Well, that would also involve...:
> * track copyright and licensing of node_modules/
> * track copyright and licensing of html/
> ...both of which is of no real benefit to Debian.
> Packaging ronnjs is directly beneficial to our users. :-)
> Packaging those other modules is indirectly beneficial to our users, as
> then they are each tracked for new upstream releases and their
> regression tests are done during build.
Debian can't avoid octofurcation :)