On 2014-01-30 15:17:31, Jonas Smedegaard wrote:
> Quoting Antoine Beaupré (2014-01-30 19:38:15)
>> On 2014-01-30 13:25:33, Jonas Smedegaard wrote:
>>> Quoting Antoine Beaupré (2014-01-30 18:27:04)
>>>> On 2014-01-30 12:15:00, Jonas Smedegaard wrote:
>>>>> Quoting Antoine Beaupré (2014-01-30 16:34:47)
>>>>>> For JS it makes sense because of section 4.13 (convenience 
>>>>>> copies), but the CSS is native...
>>>>>
>>>>> Not sure I understand you here.  Debian do not allow redistribution 
>>>>> of upstream-compressed JavaScript, but that does not force you to 
>>>>> compress at runtime: distributing buildtime-complressed JavaScript 
>>>>> is fine to distribute in Debian.
>>>>
>>>> Right.
>>>>
>>>>> Same is in principle true for CSS (and HMTL etc.) but less strongly 
>>>>> enforced (because such declarative code is more likely to be still 
>>>>> readable).
>>>>
>>>> The difference being that the CSS is not "upstream" so we do not 
>>>> need to fiddle around with symlinks.
>>>
>>> I don't follow.  What do you mean not "upstream"?  What symlinks?
>>
>> Sorry I wasn't clear again. The CSS files are in the Photofloat, and 
>> not convenience copies like some javascript files. The symlinks I am 
>> refering to are the symlinks to the jquery javascript source files 
>> which we use to regenerated the compressed javascript with triggers.
>>
>> What I am saying is we don't need such a convoluted, runtime build 
>> procedure for CSS as they are part of the photofloat source and not 
>> convenience copies of code.
>
> Convenience code copies don't require *runtime* compression.

What? Isn't that why we are talking about triggers for javascript?

Sure, maybe it was respecting policy to compress at build time (the
package is in Debian after all), but it is a potential security problem
anyways.

> ...as I wrote 8 hours ago - at the top of this quote!
>
> DFSG issue is lack of proper source (i.e. preferred form of editing).  
> Choice of when to compress (if at all) is completely independent from 
> that issue.

It seems to me that section 4.13 goes a little further than DFSG then,
as it specifically refers to maintainability of the code from a security
perspective.

>>> Here is - I think - all sensible options:
>>>
>>> CSS can be compressed or compacted or simply collated during build, 
>>> and install that once below /usr, or once below /etc with symlink 
>>> below /usr, or once below /etc recompressed or recompacted on-demand 
>>> below /var with symlink below /usr.
>>
>> That seems fair enough. I would say:
>>
>>  a. compress CSS during build (or compact, i don't care)
>
> Seems we agree on that, then.

One down... 4 to go! :)

>>  b. install CSS compressed in /var
>>  c. install CSS sources in /etc
>>  d. provide a clear way for users to get from c to b, but don't do it
>>     automatically.
>>  e. symlink in /usr to /etc and /var for consistency and simplicity
>
> Why?  Seems exactly what I argue below is overkill and you agree with?

Sorry, why what?

I thought you were arguing that recompiling on the fly at runtime is
overkill. Recompiling on the fly at runtime is not what I am suggesting
here.

>>> I recommend to compact during build, and install that once below /etc 
>>> with a symlink below /usr.
>>
>> What about the source files? How do people rebuild if they modify in
>> /etc?
>
> You tell me - I suggest to not do such overkill.

Why on earth would we ship undecipherable configuration files in /etc
if we do not allow people to rebuild them from source?

What I propose above (in d) is that we provide a way (either in
README.Debian or with an update-foo script) to recompile from sources in
/etc. That should be simple enough.

>>> Simply collating during build loose a few kilobytes at the most, but 
>>> more importantly ships eventual broken CSS undetected (and hard to 
>>> discover, because it is passed unexamined to the Browser).
>>
>> I am not sure I understand that, but okay. :)
>
> Many bugs in compiled languages like C cause build failures, whereas in 
> interpreted languages like Python they are most often spotted only at 
> runtime.

Correct.

> Running testsuites help catch errors early, but for most interpreted 
> languages it is uncommon to include a testsuite (and for Nodejs 
> specifically many testsuites rely on DFSG-nonfree jshint).

Right.

> Bugs in interpreted languages therefore often need users to spot them.  
> Here, bugs in Browser-executed code is especially tricky, because the 
> users running into thpse bugs are rarely the geek packaging the code, 
> nor a technically savvy Linux user, but someone else running older or 
> browsers (especially closed-source ones).

Understood.

> So non-host-executed interpreted languages are arguably the most 
> important to apply any form of testsuite for.  Running CSS through Sass 
> is a simple way of "regression testing" CSS code.

Right, that's what I understood.

I believe it goes beyond our duty as package maintainers to extend
Photofloat to include a CSS test suite. If we could convince upstream of
that, I'm okay with the idea, otherwise I don't think it's necessary.

>>> On-demand recomputing is IMO overdoing it (local admin can run Sass 
>>> on the file below /etc if they feel the need for that).
>> 
>> Agreed.
>
> Really?

I am not sure I understand what you disagree with here, or what you
think I disagree with.

A.
-- 
Le Québec ne rêve plus de devenir une société modèle: voilà son
problème d'environnement.
                        - Pierre Dansereau (1911 - 2011)

Attachment: pgpAC9eTReHeZ.pgp
Description: PGP signature

Reply via email to