Le jeu. 24 oct. 2019 à 19:33, Jonas Smedegaard <d...@jones.dk> a écrit :
> Quoting Pirate Praveen (2019-10-24 19:12:22) > > > > > > On Thu, Oct 24, 2019 at 19:05, Jonas Smedegaard <d...@jones.dk> wrote: > > > Quoting Pirate Praveen (2019-10-24 18:42:17) > > >> On Thu, Oct 24, 2019 at 16:19, Jonas Smedegaard <d...@jones.dk > > >> <mailto:d...@jones.dk>> wrote: > > >> > Quoting Pirate Praveen (2019-10-24 15:34:15) > > >> >> All files derived from source have their corresponding source > > >> >> code and it is regenerated during build. > > >> > > > >> > It may very well be "source" but not "upstream source". > > >> > > > >> > > >> Then I fail to see how this is a serious bug. > > > > > > I listed Policy § 2.1 as being the reason for severity of this bug. > > > > > > Let me quote the part I find relevant: > > > > > >> The program must include source code, and must allow distribution > > >> in source code as well as compiled form. > > > > > > If this package _does_ contain source code but just from a > > > _different_ upstream project than the one currently listed in > > > debian/copyright then the bug is easily fixed by simply correcting > > > what upstream project this package claims to ship source code from. > > > > Lets ask the team what they think about the issue. > > > > Hi js-team, > > > > Do you think this is really an rc bug? Do you think Source field in > > debian/copyright should be changed to > > https://github.com/lodash/lodash/releases ? > > For the record, I did not say that above URL solves this bug. > Does the problem Jonas refer to is that embedded component lodash-cli is downloaded (by watch file) from https://registry.npmjs.org/lodash-cli ? Side note: downloading from npmjs.org should be avoided and maybe a good candidate for a lintian error; for it is an unreliable source (no checksum, no guarantee, unlike git, afaik). Jérémy, trying to help. PS: Pirate, no need to cc pkg-javascript-devel we already receive all bug reports.
