checkbox-dev team mailing list archive

Thread
Date

Re: Javascript dependencies on plainbox

To: Zygmunt Krynicki <zygmunt.krynicki@xxxxxxxxxxxxx>, "checkbox-dev@xxxxxxxxxxxxxxxxxxx" <checkbox-dev@xxxxxxxxxxxxxxxxxxx>, "pes-tools-cert@xxxxxxxxxxxxxxxxxxx" <pes-tools-cert@xxxxxxxxxxxxxxxxxxx>
From: Sylvain Pineau <sylvain.pineau@xxxxxxxxxxxxx>
Date: Tue, 31 Mar 2015 20:12:03 +0200
In-reply-to: <CAJN_i4-8wEG2T34nyBXDdTADmZ_jjZOdNUiiSNJXdUEBBBojgA@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

On 03/31/2015 04:22 PM, Zygmunt Krynicki wrote:

Hey.

Merge requests [1] and [2] add some new dependencies on a few
javascript libraries. In order to stay compatible with Debian and to
be able to keep pushing our packages there I'd like to ensure we have
someone (Sylvain?) that looks after packaging those libraries and
uploading them for Debian.

I've started to build jquery, jquery-mobile and Chart.js in my ppa tomake sure

I can propose new versions to debian soon.

I'll contact the Debian javascript team to see if I can do NMU for thejquery libs.

If that's not the case I'll need to remove them as patches in our
Debian packaging. This means that the HTML exporter won't look like
it's about to (with the branch that Sylvain wrote) and I will need to
maintain a basic, javascript-free version instead.

Since the new report is for certification use, I'd suggest to startworking on making

exporters a new unit type (this is actually story 1229 in our backlog).

The new report could be such a unit that we will only provide with certand cdts.

Now that we have the jinja2 exporter, both xml and html can be created from

templates, so for Debian/Ubuntu I would continue to provide the legacyhtml report

until the new js dependencies are available in Debian.

To let you understand the problem better please keep two points in mind:
- Anything new we depend on must exist in Debian or we must work on
getting it there. This might involve upgrading an existing version or
might involve creating a whole new package. If the package is
non-trivial to build it may also involve extra work that we must do.
- Anything we bundle must be crystal-clear from the copyright point of
view (in any doubt ask the Canonical legal team) and must be in a form
that Debian approves of. For javascript libraries that excludes
minified variants. I'm not quite sure if it also includes non-minified
variants that were built by some other tool as it's not the preferred
form for making modifications.

Those rules are important. Dependencies allow us to reuse code and get
stuff done faster but they are not free lunch. We need to be
responsible about making sure they are available to us. Ubuntu 16.04
is not that far away and to be there, without removing any feature
we'd like to ship, we must plan ahead. That might involve reaching out
to various legal teams. That might involve reaching out to the
javascript packaging community in Debian to understand why some things
are not being updated. That might involve actively working on removing
any roadblocks so that our needs are served.

Thanks
ZK

[1] https://code.launchpad.net/~sylvain-pineau/checkbox/ppa-packaging-plainbox-jinja2/+merge/248865
[2] https://code.launchpad.net/~sylvain-pineau/checkbox/ppa-packaging-checkbox-ng-jinja2/+merge/248867

References

Javascript dependencies on plainbox
From: Zygmunt Krynicki, 2015-03-31