• Re: Bug#995722: Not running tests because tests miss source code is not

    From Yadd@21:1/5 to All on Sat Oct 9 09:00:02 2021
    Le 08/10/2021 à 22:54, Thomas Goirand a écrit :
    On 10/8/21 10:20 AM, Yadd wrote:
    Take a look, most of them embed a minified version (jquery* for example)
    Yeah ... Everyone upstream thinks it's ok to have 15907152438 copies of jquery floating around... There's room for improvement for sure! :)

    Thomas Goirand (zigo)

    If you really consider minified files as binary, there's a room for
    creating a lot of RC bugs

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jeremy Stanley@21:1/5 to Yadd on Sat Oct 9 17:50:01 2021
    On 2021-10-09 08:53:57 +0200 (+0200), Yadd wrote:
    [...]
    If you really consider minified files as binary, there's a room for
    creating a lot of RC bugs

    The more appropriate question is whether Debian considers minified
    files to be source code, or a compiled form. To needlessly quote
    DFSG §2: "The program must include source code, and must allow
    distribution in source code as well as compiled form."

    I suppose the other related question is whether testsuites are
    considered a "program" since the issue at hand is whether it's okay
    to distribute testsuites only in compiled form, omitting their
    source code.

    I'm not a DD so won't be voting in any resultant GR, but I
    personally consider all the tests I write to be part of programs for
    which I create them, and so dependencies of those tests are
    build/non-runtime dependencies of the programs themselves. Sometimes
    my software contains constructed test vectors which are inherently
    "sourceless" (e.g. crafted IP packets with bogus fields, or binary
    keys for test certificates), but when these can be generated
    automatically, the tools and routines for generating them are still
    to be considered dependencies of my software, and when that's not
    possible, instructions are provided for their recreation at least.
    It's an entirely legitimate concern that a user may want to add new
    tests with similar but not identical fixtures, and I consider it
    important that they be able to do so with only DFSG-compliant tools.

    Not all software meets the DFSG, and that goes for testsuites too. DFSG-compliant software with non-DFSG-compliant testsuites should
    still be fit for main as long as those non-DFSG-compliant testsuites
    are omitted, and it seems reasonable that those testsuites could
    also be distributed separately in non-free from different source
    packages (so long as their licenses permit their distribution at
    all, which is another fun problem these bits sometimes raise).
    --
    Jeremy Stanley

    -----BEGIN PGP SIGNATURE-----

    iQKTBAABCgB9FiEEl65Jb8At7J/DU7LnSPmWEUNJWCkFAmFht9VfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk3 QUU0OTZGQzAyREVDOUZDMzUzQjJFNzQ4Rjk5NjExNDM0OTU4MjkACgkQSPmWEUNJ WClCEQ//ePOrRsJZcItRySLYZk/i2wr8CT91rIt40wZrboU92EJx/ObOfWwFtsVm DH93BPmnEASSrzgVHn4jW5AUEOmjSz80570scwkZLy1oWx9v7LT8C00Ikv2mAX2+ 33SHKWC+q9CCNCVNslAFd25vSd8gv7qyineegZ/0fIRNK9AczNndzGnKoqooiWvp 8ZzFPEH363gkGi4pEbP3gwJULF0lIy919GyFIhK0PMgGiSEXa9SzXU68WzWSeycQ vN2rGL4ExXVpEWrajVq2/5C/wX1KvgpJsvTKZV7vnZflJXjK8JsbAft3iFTdGlJb HaESWbGuUJ4zZoOL4CdI55eHsl/ZJhHG++kUvqzYUZYDg5AO/szkavjoLju1yY7x 0RElgCKkP03DqPU2ccRr8IXJ2HXfynggtxZVpQnLyqOco8cmktBQi5jZ6eLyW7Dm 3vdNiNygCXXym2yzQwcwko+xPQtqpoM1f6XZyWIJ32vb2BeWA9LcVfMwGQouB+z4 C+g6bKECKRVH686VuiYfnUX3JpQIrRCecfUXfoqqTYez2M93ruln0H4hZSTgJbOb RowFO/nVbDOhePbNTbiWsdxEUoDl1EDLMOSnc9DDS7iyU8Kctx9iSkpxEXs3QDM4 DgzpVBK68cNl6agqJHS3qQa6wOKgNg+/+ImDBYScxgpx4lZKbNw=
    =8cvW
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32
  • From Jonas Smedegaard@21:1/5 to All on Sat Oct 9 19:00:01 2021
    Quoting Julien Puydt (2021-10-09 18:48:07)
    Hi

    Le sam. 9 oct. 2021 à 17:40, Jeremy Stanley <fungi@yuggoth.org> a écrit :

    On 2021-10-09 08:53:57 +0200 (+0200), Yadd wrote:
    [...]
    If you really consider minified files as binary, there's a room
    for creating a lot of RC bugs

    The more appropriate question is whether Debian considers minified
    files to be source code, or a compiled form. To needlessly quote
    DFSG §2: "The program must include source code, and must allow distribution in source code as well as compiled form."


    Minified code isn't code in a form meant/supposed to be modified by
    hand, so it's not source code.

    Right. But stating that is not helping much.

    It is not source code.

    It is not binary code.

    It is not...

    The appropriate question is how it fits Debian Free Software Guidelines.


    - Jonas

    --
    * Jonas Smedegaard - idealist & Internet-arkitekt
    * Tlf.: +45 40843136 Website: http://dr.jones.dk/

    [x] quote me freely [ ] ask before reusing [ ] keep private --==============099972929380890544=MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Content-Description: signature
    Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmFhyMkACgkQLHwxRsGg ASFEUw//a2uKQUy5r6V7en6OZWtpe+iyUbn7DqK1H7njQEZY9NfySZgoCgGAg5LI VEIxEF60LWD6hIpy4gsTG5XSVkOwOGk60zeNNVNVKBn9d3nfZMvkoE6tQip/AItK maYd4BerQR3kMHA0dudJlmkkQVuQ56Xasnaw12bEjfe2zRyCqOeCTzABy5aSliWa 4PjgWC61fkVISSKyHGN0lDwnwyvc8H1dCW3lLlithSwMzC7/Fl0Vz2a3V+lymNHN xeUKP0as+h2Ai5VrztxTbWI5foaDtuCRmdhS5En7fu75KJjwaQDULQccCj3f8Xdt 9MboIv8tfn1WlTaUzYfIraTpuZwhpsmVVl2IdkaMYCcTDwEcrQt7q9HJVess8ezV 2IALeV8E8ZNFNjgIgmFAU9a/wvoItz41mge7LVx2T8KuKrLgLChAjzY2jZf7tqMI g8ZjBD7bz/b8pMqUGtda3+qKIEKiwKLLPsTg0lSHD62Icn9hMAAZwYQllyt8iSt+ 8Z6/JQHeMVyGCzCiO
  • From Julien Puydt@21:1/5 to All on Sat Oct 9 18:50:01 2021
    Hi

    Le sam. 9 oct. 2021 à 17:40, Jeremy Stanley <fungi@yuggoth.org> a écrit :

    On 2021-10-09 08:53:57 +0200 (+0200), Yadd wrote:
    [...]
    If you really consider minified files as binary, there's a room for creating a lot of RC bugs

    The more appropriate question is whether Debian considers minified
    files to be source code, or a compiled form. To needlessly quote
    DFSG §2: "The program must include source code, and must allow
    distribution in source code as well as compiled form."


    Minified code isn't code in a form meant/supposed to be modified by hand,
    so it's not source code.

    J. Puydt



    <div dir="auto"><div>Hi<br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Le sam. 9 oct. 2021 à 17:40, Jeremy Stanley &lt;<a href="mailto:fungi@yuggoth.org">fungi@yuggoth.org</a>&gt; a écrit :<br></div><blockquote class="gmail_quote"
    style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 2021-10-09 08:53:57 +0200 (+0200), Yadd wrote:<br>
    [...]<br>
    &gt; If you really consider minified files as binary, there&#39;s a room for<br>
    &gt; creating a lot of RC bugs<br>

    The more appropriate question is whether Debian considers minified<br>
    files to be source code, or a compiled form. To needlessly quote<br>
    DFSG §2: &quot;The program must include source code, and must allow<br> distribution in source code as well as compiled form.&quot;<br></blockquote></div></div><div dir="auto"><br></div><div dir="auto">Minified code isn&#39;t code in a form meant/supposed to be modified by hand, so it&#39;s not source code.</div><div dir="
    auto"><br></div><div dir="auto">J. Puydt</div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
    </blockquote></div></div></div>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Stephan =?ISO-8859-1?Q?Verb=FCcheln@21:1/5 to Jonas Smedegaard on Sun Oct 10 14:10:01 2021
    On Sat, 2021-10-09 at 18:52 +0200, Jonas Smedegaard wrote:
    It is not source code.

    It is not binary code.

    It is not...

    The appropriate question is how it fits Debian Free Software
    Guidelines.

    Programs with a license on the one hand which demands the right to
    study and modify the source code, and on the other hand components that
    cannot be easily studied and modified, kind of infringe their own
    nominal license.

    This is probably a minor problem for the author who owns the copyright
    anyway and therefore can choose whatever conditions he likes. But it
    could be complicated for projects like Debian who want to redistribute
    code but do not own the copyright themselves.

    Regards
    Stephan

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Julien Puydt@21:1/5 to All on Sun Oct 10 14:40:01 2021
    Hi

    Le sam. 9 oct. 2021 à 18:52, Jonas Smedegaard <jonas@jones.dk> a écrit :

    Quoting Julien Puydt (2021-10-09 18:48:07)
    Hi

    Le sam. 9 oct. 2021 à 17:40, Jeremy Stanley <fungi@yuggoth.org> a écrit
    :

    On 2021-10-09 08:53:57 +0200 (+0200), Yadd wrote:
    [...]
    If you really consider minified files as binary, there's a room
    for creating a lot of RC bugs

    The more appropriate question is whether Debian considers minified
    files to be source code, or a compiled form. To needlessly quote
    DFSG §2: "The program must include source code, and must allow distribution in source code as well as compiled form."


    Minified code isn't code in a form meant/supposed to be modified by
    hand, so it's not source code.

    Right. But stating that is not helping much.

    It is not source code.

    It is not binary code.


    It was helping: it's definitely binary code, since it's not source code!

    There was the case years ago of the smarteiffel compiler. It was supposed
    to be open source, but upstream only released C code. And that was bad,
    because it wasn't what *they* worked with: they had eiffel sources, and the
    C code was preprocessed and didn't allow/permit bootstrapping. It took some discussion to convince them to release the true sources.

    The situation is the same here: minified code isn't source. Trying to claim it's not really binary because it's JavaScript and not some bytecode (for a virtual or actual hardware) is disingenuous.

    If that's not what developer work with, that's not source, end of the discussion.

    Cheers,

    J. Puydt



    <div dir="auto">Hi<br><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">Le sam. 9 oct. 2021 à 18:52, Jonas Smedegaard &lt;<a href="mailto:jonas@jones.dk">jonas@jones.dk</a>&gt; a écrit :<br></div><blockquote class="gmail_quote"
    style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Quoting Julien Puydt (2021-10-09 18:48:07)<br>
    &gt; Hi<br>
    &gt; <br>
    &gt; Le sam. 9 oct. 2021 à 17:40, Jeremy Stanley &lt;<a href="mailto:fungi@yuggoth.org" target="_blank" rel="noreferrer">fungi@yuggoth.org</a>&gt; a écrit :<br>
    &gt; <br>
    &gt; &gt; On 2021-10-09 08:53:57 +0200 (+0200), Yadd wrote:<br>
    &gt; &gt; [...]<br>
    &gt; &gt; &gt; If you really consider minified files as binary, there&#39;s a room <br>
    &gt; &gt; &gt; for creating a lot of RC bugs<br>
    &gt; &gt;<br>
    &gt; &gt; The more appropriate question is whether Debian considers minified <br>
    &gt; &gt; files to be source code, or a compiled form. To needlessly quote <br> &gt; &gt; DFSG §2: &quot;The program must include source code, and must allow <br>
    &gt; &gt; distribution in source code as well as compiled form.&quot;<br>
    &gt; &gt;<br>
    &gt; <br>
    &gt; Minified code isn&#39;t code in a form meant/supposed to be modified by <br>
    &gt; hand, so it&#39;s not source code.<br>

    Right.  But stating that is not helping much.<br>

    It is not source code.<br>

    It is not binary code.<br></blockquote></div><div dir="auto"><br></div><div dir="auto">It was helping: it&#39;s definitely binary code, since it&#39;s not source code!</div><div dir="auto"><br></div><div dir="auto">There was the case years ago of the
    smarteiffel compiler. It was supposed to be open source, but upstream only released C code. And that was bad, because it wasn&#39;t what *they* worked with: they had eiffel sources, and the C code was preprocessed and didn&#39;t allow/permit
    bootstrapping. It took some discussion to convince them to release the true sources.</div><div dir="auto"><br></div><div dir="auto">The situation is the same here: minified code isn&#39;t source. Trying to claim it&#39;s not really binary because it&#39;
    s JavaScript and not some bytecode (for a virtual or actual hardware) is disingenuous.</div><div dir="auto"><br></div><div dir="auto">If that&#39;s not what developer work with, that&#39;s not source, end of the discussion. </div><div dir="auto"><br></
    <div dir="auto">Cheers, </div><div dir="auto"><br></div><div dir="auto">J. Puydt</div><div class="gmail_quote" dir="auto"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"></blockquote></div></div>

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jonas Smedegaard@21:1/5 to All on Sun Oct 10 15:00:02 2021
    Quoting Stephan Verbücheln (2021-10-10 14:03:51)
    On Sat, 2021-10-09 at 18:52 +0200, Jonas Smedegaard wrote:
    It is not source code.

    It is not binary code.

    It is not...

    The appropriate question is how it fits Debian Free Software
    Guidelines.

    Programs with a license on the one hand which demands the right to
    study and modify the source code, and on the other hand components that cannot be easily studied and modified, kind of infringe their own
    nominal license.

    Such clauses are part of some licenses - notably the 3 revisions of GNU
    Public License - but not others, e.g. the Expat (a.k.a. MIT) license.


    This is probably a minor problem for the author who owns the copyright anyway and therefore can choose whatever conditions he likes. But it
    could be complicated for projects like Debian who want to redistribute
    code but do not own the copyright themselves.

    Agreed: I expect it to be an added complication if Debian decices to
    permit the use of not-easy-readable-nor-editable code for tests.

    Those in favor of permitting it however consider that a lesser pain than
    that of hunting down and packaging and maintaining corresponding readable-and-editable code.


    - Jonas

    --
    * Jonas Smedegaard - idealist & Internet-arkitekt
    * Tlf.: +45 40843136 Website: http://dr.jones.dk/

    [x] quote me freely [ ] ask before reusing [ ] keep private --==============p70040995498706742=MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Content-Description: signature
    Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmFi4cAACgkQLHwxRsGg ASF1+g/+KIuuMYCp3iJeNImQSnU7QouWEiFw2JsmWwV0NK8Q06TTiwYIrbMGW37P z7NFLcgC5he4jKCAnpJxXHJTn+hs8SZzlbgvd0hYgl0bthkr0JLxxGugWZbSms6J +uUtlxJbsmaDrD6uhKFJSoNcLjtlp/0a/qt47WlZTdWLDxTsYUIAfJGUijAlu9fT NC5tbvFFOa/DZ1IQO1natR9e7wcHepfY53YBTx+DLO1IKF4Jpuklegwql4wEL5IX XZ+sScwVAl2gjAZEtWZXDXFD02b6kJLVYnOfIXqc+1TYCwCbQlpe6mLwF85Y68+N ChU97XUQz2YoMkzgJqbRQbH6s7T4sHOmq6nE3pWWbUXSelozBaIMPXlwSAMI+GmM badVwWM4bQCrEON5EO6M0X3K+r+MfCcxPT/dW15j5XSXzGZFkW3CRl+Uf5OGnyQ2 1SUya084Fy+KM0PJSEePATTasc22kHXV+pcEX2iul1cNRGAai0+4td7nG/2RE2ix wz/lh6JvTdUxj5aEf
  • From Kristian Nielsen@21:1/5 to Julien Puydt on Sun Oct 10 16:00:02 2021
    Julien Puydt <julien.puydt@gmail.com> writes:

    There was the case years ago of the smarteiffel compiler. It was supposed
    to be open source, but upstream only released C code. And that was bad, because it wasn't what *they* worked with: they had eiffel sources, and the
    C code was preprocessed and didn't allow/permit bootstrapping. It took some

    This is a good example, because it shows how "source code" is defined by
    what upstream development uses, not merely by users being able to compile
    the released code.

    But the situation here seems to be the opposite: The minified javascript
    *is* what *they* (upstream developers) work with. They don't have a secret unpublished build system to generate the minification from unpublished
    sources. Presumably, if they need to update it, they would replace it with a new minified file obtained from a newer release of that project. Or as has
    been mentioned, the test might be testing a problem against that very
    specific version of the javascript minification, in which case it will never
    be changed at all - as that would instead be the addition of a separate testcase.

    Thus, the minified file *is* the preferred (by the upstream developers) form
    of the work for making modifications to it. Which is how source code is
    defined in the GPL, for example. It seems wrong to me to define "source
    code" as something that the upstream development does not use and which
    doesn't actually exist anywhere.

    As an extreme example, some people prefer Rust to C, but that does not mean that a C program must be re-written in Rust to satisfy the "preferred form
    of work" condition for source code.

    This still leaves the Vendoring problem. Even if we consider the minified javascript "source" in the context of the upstream development, it obviously isn't source in the context of the original javascript library project. If
    the javascript library is GPL, for example, it will require the availability
    of the correct version of the source code along with the minification.

    I think there is a subtle but important distinction here:

    1. A program not being free because it is missing what upstream developers consider "source" (as in the smarteiffel example).

    2. A program being unsuitable for debian because it is developed in a way
    that effectively requires Vendoring of sources of dependencies.

    - Kristian.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jonas Smedegaard@21:1/5 to All on Sun Oct 10 15:30:02 2021
    Quoting Julien Puydt (2021-10-10 14:34:34)
    Le sam. 9 oct. 2021 à 18:52, Jonas Smedegaard <jonas@jones.dk> a écrit :
    Quoting Julien Puydt (2021-10-09 18:48:07)
    Le sam. 9 oct. 2021 à 17:40, Jeremy Stanley <fungi@yuggoth.org> a écrit
    On 2021-10-09 08:53:57 +0200 (+0200), Yadd wrote: [...]
    If you really consider minified files as binary, there's a
    room for creating a lot of RC bugs

    The more appropriate question is whether Debian considers
    minified files to be source code, or a compiled form. To
    needlessly quote DFSG §2: "The program must include source code,
    and must allow distribution in source code as well as compiled
    form."

    Minified code isn't code in a form meant/supposed to be modified
    by hand, so it's not source code.

    Right. But stating that is not helping much.

    It is not source code.

    It is not binary code.

    It was helping: it's definitely binary code, since it's not source
    code!

    There was the case years ago of the smarteiffel compiler. It was
    supposed to be open source, but upstream only released C code. And
    that was bad, because it wasn't what *they* worked with: they had
    eiffel sources, and the C code was preprocessed and didn't
    allow/permit bootstrapping. It took some discussion to convince them
    to release the true sources.

    The situation is the same here: minified code isn't source. Trying to
    claim it's not really binary because it's JavaScript and not some
    bytecode (for a virtual or actual hardware) is disingenuous.

    If that's not what developer work with, that's not source, end of the discussion.

    I agree with you that minified code rarely if ever "the preferred form
    of the work for making modifications to it" as defined by GPL licenses.

    GNU definition for the term "source code" is however irrelevant for the
    GR in preparation.

    If you mean to say that Debian has a clar definition on what "source
    code" means, then it is helpful if you point to that clear definition.

    Similarly, if you mean to say that some judge somewhere has made a court ruling which may affect the outcome of this GR in preparation, then it
    is helpful that you clarify how that might be.

    If you mean to say that "source code" has multiple meanings and you
    therefore recommend that they avoid it on the ballot, then it is helpful
    to say so.

    What is relevant is that those who want to make a GR vote express
    clearly what it is they want us all to vote on.

    Yes, they can ask us all to vote on changing our constitution to
    redefine what "source code" means. I doubt that is what you want to do, though. It seems to me that they really want a less radical change.


    - Jonas

    --
    * Jonas Smedegaard - idealist & Internet-arkitekt
    * Tlf.: +45 40843136 Website: http://dr.jones.dk/

    [x] quote me freely [ ] ask before reusing [ ] keep private --==============a57458969122381262=MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Content-Description: signature
    Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmFi6QIACgkQLHwxRsGg ASHwHw//QAdgMIRwXGYuuUmGpLKGrz+15jSXo0eF1AYSD5UZTeoktgxaHua1OzzP ehQdAqz1gQ5ysdR0nykX2zQYrXJeA1t1PH/SIvmnBWKlRd4s7zF9OqAFP/2XdlwA davD8sTjr1dmqc9Bl/zcNL+AQrUddlxuSUi4I275ziGNgQobtyFB1X7an8NcEpX0 JcCMcEATGJjCkZscUo62mjC4ujwrMNTNmenIgUEp4bhAUP9RNSUDYCXcGE4b6Y7h ZnxQ0jhSSpfL3QTIdkB4sYfVYZHynhCjmZg9QFgn4SHf6FaxkiWET9VWqn2VANBU H7zcyLy0ZidhCpLRZjA18p56eNLHHNvFQi/CgzYDpO4e1WYT1XfvdRZ2p4UhJHRm /iOXFyTetQnaKK2sxQKeA+KBwQa/H/4KtsrmbJSo60e0YxGJzoogZIhmO2Shz6MD GUNRsmpehNq5aelE8qSywUeikp4Tf1e1Byu5JSCLvvITA6ioMPT9vNXYJ1Sn6bNI tc7ChDOtOcwKiKxC3
  • From Yadd@21:1/5 to All on Mon Oct 11 11:30:02 2021
    Le 10/10/2021 à 15:36, Kristian Nielsen a écrit :
    Julien Puydt <julien.puydt@gmail.com> writes:

    There was the case years ago of the smarteiffel compiler. It was supposed
    to be open source, but upstream only released C code. And that was bad,
    because it wasn't what *they* worked with: they had eiffel sources, and the >> C code was preprocessed and didn't allow/permit bootstrapping. It took some

    This is a good example, because it shows how "source code" is defined by
    what upstream development uses, not merely by users being able to compile
    the released code.

    But the situation here seems to be the opposite: The minified javascript
    *is* what *they* (upstream developers) work with. They don't have a secret unpublished build system to generate the minification from unpublished sources. Presumably, if they need to update it, they would replace it with a new minified file obtained from a newer release of that project. Or as has been mentioned, the test might be testing a problem against that very specific version of the javascript minification, in which case it will never be changed at all - as that would instead be the addition of a separate testcase.

    Thus, the minified file *is* the preferred (by the upstream developers) form of the work for making modifications to it. Which is how source code is defined in the GPL, for example. It seems wrong to me to define "source
    code" as something that the upstream development does not use and which doesn't actually exist anywhere.

    As an extreme example, some people prefer Rust to C, but that does not mean that a C program must be re-written in Rust to satisfy the "preferred form
    of work" condition for source code.

    This still leaves the Vendoring problem. Even if we consider the minified javascript "source" in the context of the upstream development, it obviously isn't source in the context of the original javascript library project. If the javascript library is GPL, for example, it will require the availability of the correct version of the source code along with the minification.

    I think there is a subtle but important distinction here:

    1. A program not being free because it is missing what upstream developers consider "source" (as in the smarteiffel example).

    2. A program being unsuitable for debian because it is developed in a way that effectively requires Vendoring of sources of dependencies.

    - Kristian.

    For now:

    $ cat tags/s/source-contains-prebuilt-javascript-object.tag
    Tag: source-contains-prebuilt-javascript-object
    Severity: pedantic
    Check: cruft
    Explanation: The source tarball contains a prebuilt (minified)
    JavaScript object.
    They are usually left by mistake when generating the tarball by not
    cleaning the source directory first. You may want to report this as
    an upstream bug, in case there is no sign that this was intended.

    Following this discussion, it should be a "Severity: error", shouldn't it?

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Jeremy Stanley@21:1/5 to Yadd on Mon Oct 11 16:50:03 2021
    On 2021-10-11 11:20:03 +0200 (+0200), Yadd wrote:
    [...]
    For now:

    $ cat tags/s/source-contains-prebuilt-javascript-object.tag
    Tag: source-contains-prebuilt-javascript-object
    Severity: pedantic
    Check: cruft
    Explanation: The source tarball contains a prebuilt (minified)
    JavaScript object.
    They are usually left by mistake when generating the tarball by not
    cleaning the source directory first. You may want to report this as
    an upstream bug, in case there is no sign that this was intended.

    Following this discussion, it should be a "Severity: error",
    shouldn't it?

    I expect it would only be an error if the original source code for
    it is not also included somewhere in main (either in the same source
    package or another one), though how to be certain of that is a topic
    for debate. If the upstream project developers assert the object was
    built from a specific source and that source is available/included,
    then it's up to the package maintainer to determine whether they can
    be trusted in that regard or the upstream release needs to be
    repacked to strip it out for fear that's not actually true. Either
    way, the object really shouldn't be copied into the binary package
    though, and should be rebuilt at package build time instead in order
    to confirm all of the compiled form can be built exclusively with
    tools available in main.
    --
    Jeremy Stanley

    -----BEGIN PGP SIGNATURE-----

    iQKTBAABCgB9FiEEl65Jb8At7J/DU7LnSPmWEUNJWCkFAmFkTtVfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDk3 QUU0OTZGQzAyREVDOUZDMzUzQjJFNzQ4Rjk5NjExNDM0OTU4MjkACgkQSPmWEUNJ WClWCxAAg5Fv3YFWsXMVtc4YaqEYyot8z6cIIcMbpbmoWx3ZU9sBRRCw+LMs9gTv aejZTYWxC/HT+sruMlp4ZZXX2wZ99WOB3CoJCZXY91IB/6qeE6XdWEKCSuyk4HML nCp6w3dfa7AkX9zVyiRdXGFbKr68hkwlgWS1mpCOY4ZJlwFYVjRZeb9n98qyUiTm qo+zLK+BP/IQtFHDVP+vavJQdlzllaNU7e6rxXQo4yztGfbmLQxmKzSfkO3boNfD AxkjJrJuApttqhjrw2NMaaqGVZkHhIjknlSqvsC5t4nL/Co+/IFfJy9OUY49g9aj 2U1O5dS1wKYZRTxo0qdo0NV3q3VTwlTKbT0nCbyjOO3Ra71CN3UaLRBsxaNfTM5a 1KfIQ/071rCgowXhx/IEoAcmDGitqEzt34l1z6ynGYlp6g19FjoKkxDwmvXmEMmj +3o3NYdrZEme6xOJnwWV5yj+7lF4f00onfNWmLvyEF3f5DfFO9p68p/aFXbTUBZ+ Mrh0+o0HfcfLaWRKTuDDjh9ExKusThCmRlwHtzYfh9KaNSc1S3JJT8kfcd6SjP6g bAY8+dQow8RBhqnOXw2p8DXncb/JZyYl8rhfCKZRy8bvh4SuBCrKqizZoEFqRXZN mjqmi4PaGXWXqJY6VYRbcu+wLdEz1mHEr8g4W6TOdmvlwvKXFPY=
    =jSHg
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32
  • From Thomas Goirand@21:1/5 to Yadd on Thu Oct 14 21:30:01 2021
    On 10/11/21 11:20 AM, Yadd wrote:
    For now:

    $ cat tags/s/source-contains-prebuilt-javascript-object.tag
    Tag: source-contains-prebuilt-javascript-object
    Severity: pedantic
    Check: cruft
    Explanation: The source tarball contains a prebuilt (minified)
    JavaScript object.
    They are usually left by mistake when generating the tarball by not
    cleaning the source directory first. You may want to report this as
    an upstream bug, in case there is no sign that this was intended.

    Following this discussion, it should be a "Severity: error", shouldn't it?

    No.

    This lintian test produces lots of false positive. I'm not sure if it is
    that one test, but for example, if a JS file has lines of more than 512
    chars, Lintian believe it's a binary, when sometimes, having a 512+ char
    line of code in JS is legitimate, or even cannot be avoided.

    Also, if we just don't use the file (neither at build time or runtime),
    it's kind of ok-ish to just leave it as-is (because it doesn't infringe
    any copyright, and it takes some time to manage this). Of course it's
    better to remove it from the source package if possible, but it is my
    opinion that this is of "Severity: pedantic" ... :)

    Cheers,

    Thomas Goirand (zigo)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)