2014-04-25 8:49 GMT+01:00 Matthias Urlichs <matth...@urlichs.de>: > Hi, > > Manuel A. Fernandez Montecelo: >> a) the minified .js is still source code, by definition. > > Sorry, but _my_ definition of "source code" is "whatever you customarily > edit when you want to change something". > > _Nobody_ in their right mind edits minified Javascript.
(I know that we're more on less in the same page, but I will reply to your message about what I meant of the importance of the sourceless file being valid source code and setting this apart from other cases). I expect that if users want to modify that JS, they are smart enough to get the unminified source (which the minified version publicises well in some/most cases), edit, minify again (if they feel like it) and replace the original modified file [1]. With the same reasoning, nobody in their right minds edit 30-k lines configure scripts (except maybe for quick fixes like disabling some test, or adding a path to search). People go to find the .ac file, edit, regenerate the configure script, copy to the original place, and compile. In these two cases, "source-is-missing" (lintian error) has very different consequences than "source-is-missing" for a precompiled binary without source, a blob of firmware, or a .swf file. Minified .js is just normal source code in the eyes of the interpreter, and thus can be replaced with the unminified version if users want to modify it; something that you cannot do with "source-is-missing" in other cases. And if the unminified souce code is there (I am not 100% conviced if with the minifed version, but well, let's drop that case), or can be obtained easily (as it is the case with jquery), we're not violating the license even if the version is not in Debian (will fail DFSG if the minified is not accepted as "source" code, but well, since you can substitute it for other version, l think that this is a rather whimsical interpretation of the *guidelines*). The GPL (I don't think that others are stronger on this point): "Many distributors of GPL'ed programs bundle the source code with the executables. An alternative method of satisfying the copyleft is to provide a written offer to provide the source code on a physical medium (such as a CD) upon request. In practice, many GPL'ed programs are distributed over the Internet, and the source code is made available over FTP or HTTP. For Internet distribution, this complies with the license." Only in the cases when upstream maliciously or mistakenly substitute the minified .js, this can matter (the source cannot be obtained anywhere). But in these cases, one definitely does not want the source file, and the "canonical" version of jquery or other JS library should be a good substitute. Thus, the file itself being source code, interpreted by the same interpreter as the unminified source code and being possible to substitute it for other versions easily modificable, makes the case completely different than other cases of "source-is-missing". So I believe that the lintian error considering these dissimilar cases together is wrong, and overriding is a reasonable solution (specially once that it's dealt with for shipped binaries). I believe that user freedom is not harmed in any way by the precompiled/minified/autogenerated version is there, so we don't gain anything by repacking this, and it's actually harmful for Debian to go on this endeavour. Unless/until somebody provides compelling reasons (or CTTE or GR), I will heed the advice of ignoring this lintian error. I will probably strip it with the help of automatic tools in the future, if easy enough and convenient, just to avoid spending time on discussions. For the relief of the tired public, I will probably also not participate more in the threads. But I think that pushing for this is and having those lintian errors for jquery&friends, and making maintainers waste time and energy on this activity, is actively harming Debian. [1] This does not apply when we don't have the unminified version and it's not widely available, but that's not the case of the majority of the ~8k current lintian errors emitted. > IMHO, in an ideal world we would not install this file -- depending on, > and referring web clients to, our own jQuery packaging -- so that they'll > always pick up the latest version and security problems and bugs won't > linger. > > However, we do not live in such a world, and thus I'd like us to simply > ignore the problem -- esp. given that we, more likely than not, in fact do > have the real sorce code somewhere in our archive. Maybe not the exact same > source code, but frankly, Debian has a couple of more interesting problems > than quibbling about whether the files which get assembled to > jFoobar-2.0.1.2.js are legitimate source code for jFoobar.2.0.1.1.min.js. The solution in your 1st paragraph is exactly what we are doing with the binary package, so I think that we agree. I also agree with your second paragraph. I was arguing against repackaging source packages. Cheers. -- Manuel A. Fernandez Montecelo <manuel.montez...@gmail.com> -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAPQ4b8=uf5cfjh_qqzjp5m4xk4ffcoz68vpzpus0e-yzgtp...@mail.gmail.com
