Thomas Goirand: > Hi, > > [...] > > Also, removing such a non-leaf package at this point of the release is a > way too late. IMO, a bug should have been opened a long time ago asking > for an upgrade of the package. >
Hi, I would (also) strongly prefer, if we got better at finding and dealing with things like outside the freeze. That said... In the concrete case, the removal does not look too bad at a metadata level. Assuming qtwebchannel5-examples can drop its dependency, the rest can be removed from testing without affecting any other package than those listed below. """ $ dak rm -nR -s testing npm [...] Checking reverse dependencies... # Broken Depends: npm2deb: npm2deb qtwebchannel-opensource-src: qtwebchannel5-examples [...] # Broken Build-Depends: ruby-license-finder: npm """ > Last, at this point in time, I believe we should discuss the issue with > the release team. They may agree, for example, that we upgrade the > package to a newer version (this is unlikely, but it is up to them to > tell). They may don't agree that we "fix" so many source package to > remove the build-dependency. Anyway, the solution should be discuss with > them. Therefore, I'm CC-ing the release team. > From my PoV; upgrade is unlikely to be accepted. Removal appears to be doable, so the real question is: * Is npm so out of date that it is release critical? If yes, fix qtwebchannel-opensource-src (etc.) and remove the rest from stretch. If no, tag it -ignore and move on. To be honest, I know next to nothing about npm and its state, so I will apply "Do-cracy" to this decision. AFAICT, Jérémy Lal have done all of the uploads since 2013 and is the sole committer to the packaging between 2013-08 to 2014-08[1], which pretty much makes Jérémy the closest person to an "active do'er" in this case. @Jérémy Lal: Your call: * Are you willing to support npm for 3-5 years in stretch given its current state? - If yes, then tag the npm bug stretch-ignore or downgrade it - If no, then we will effectuate the removal before the release. Thanks, ~Niels [1] https://anonscm.debian.org/cgit/pkg-javascript/npm.git/log/
signature.asc
Description: OpenPGP digital signature
