The problem now is, that we need that module ASAP. I have no problem with packaging jison,
but it would have to be reviewed and built today/tomorrow and it's at least 7 modules.
I would prefer to package it as it is for now and rebuild it when jison is packaged.
----- Original Message -----
From: "Stephen Gallagher" <sgallagh(a)redhat.com>
Sent: Monday, November 23, 2015 8:26:04 PM
Subject: Re: How to handle generated code
-----BEGIN PGP SIGNED MESSAGE-----
On 11/23/2015 02:14 PM, Piotr Popieluch wrote:
transpiled from es6->es5, generated from coffeescript, or generated
Is it allowed to include these generated files in the module or do
we really need to "build from source". The package guidelines do
not mention generated code 
That's probably worth bringing up with the FPC, but I think
historically the requirement is that we have to build generated code
from the original source; that including a pre-built copy of it is
Some of the generic reasons would be that Fedora may use different
default flags to the compiler/interpreter that produces the generated
code and thus it might be expected to honor those (examples might
include security-hardening flags that upstream did not use).
I'm currently reviewing a package  which is generated with
jison, jison and its dependencies are not packaged. Packaging jison
seems like a lot of work without any benefits.
Well, is jison something that other packages would use to generate
code like these modules? Because if so, that's a clear benefit:
package jison and the others can use it.
Generated code is usually suspect, because in most cases it carries no
comments and tends to be difficult for a human to understand it
(compared to its source material). As a result, it would be very easy
for someone to sneak something into the generated code output that
doesn't match the sources
have to build from source?
My opinion is ALWAYS build from source; it's the only way to ensure
what you deliver actually matches the readable sources.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
nodejs mailing list