I don’t think the change in NodeJS guidelines was a success, but a cautionary tale. In
fact, I think the new NodeJS guidelines are effectively unusable, because people then
point out bundled fonts, web assets and minified sources not built from their original
sources, and other issues in the prescribed pile of bundled dependencies. Even the example
package in the NodeJS guidelines has these issues. The only theoretically available
solution seems to be to discard the official bundler script, become an expert on much of
the entire recursive dependency tree, hack up troublesome packages, and rebuild them from
additional sources—all in one spec file—then repeat the auditing and patching effort *for
every update of every NodeJS package*. To my knowledge, nobody has ever attempted that.
Prescribing “mechanical” bundling without explicitly absolving packagers from the usual
level of responsibility for the bundled files is not a recipe for a viable ecosystem.
– Ben Beasley (FAS music)
On Tue, Nov 1, 2022, at 4:14 AM, Vitaly Zaitsev via devel wrote:
> On 31/10/2022 16:45, Kalev Lember wrote:
>> Right now when someone mentions that something was rewritten in rust,
>> that sounds a lot like a death sentence for the Fedora package.
> Yes it is.
>> I don't think it should be like that; and I'd like to fix that.
> Me to. That's why we need to drop all packaged crates from the
> repositories and allow bundling (of course with virtual "Provides:
> bundled(foo) = version"), as we did with nodejs last year.
> Vitaly Zaitsev (vitaly(a)easycoding.org)
> devel mailing list -- devel(a)lists.fedoraproject.org
> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
> Fedora Code of Conduct:
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> Do not reply to spam, report it: