The the Node.js guidelines say about Source0 :
"The canonical method for shipping most node modules is tarballs from
the npm registry"
"This method [PP: tarbals from npm] should be preferred to using
checkouts from git or automatically generated tarballs from GitHub."
But I think that in following cases it would be better to use sources
from the upstream project:
1) When the license is not included in NPM but is in upstream project.
o Because we are not supposed to ship the license separate from the
2) When the tests are not included.
o In this case we need to download the sources from NPM and from
upstream project, which seems redundant and a waste of work.
3) When NPM content is generated and source files are not in NPM.
o This would mean to download sources from NPM and upstream project,
delete the NPM sources in prep and generate the files again.
Are there good reason to enforce the use of NPM sources which I am
missing? What is your opinion?
I would like to suggest to ad those three exceptions to the guidelines.
Hello. I'm trying to get js-jquery1 to build on F24, and was wondering if
anybody in the Node.js SIG could help me. See forwarded message below with
all the details from devel(a)lists.fedoraproject.org.
---------- Forwarded message ---------
From: Christopher <ctubbsii(a)fedoraproject.org>
Date: Tue, Nov 29, 2016 at 8:30 PM
Subject: Re: [HELPWANTED] Building jquery for F24 branch
To: Development discussions related to Fedora <devel(a)lists.fedoraproject.org
On Tue, Nov 29, 2016 at 8:13 PM Tom Hughes <tom(a)compton.nu> wrote:
On 30/11/16 01:02, Christopher wrote:
> Can anybody help me build js-jquery1 for F24? I keep getting some NodeJS
> and/or Grunt error with uglify, but only for the F24 branch. I want to
> update the package, and I can get all the other branches to build just
> fine (including EPEL7, F25, and rawhide), but F24 is broken even before
> I apply any updates/changes, and I'm not sure why.
Well the Node.js SIG are probably the people to ask, but I can't see any
builds on koji, so if you want help you're going to have to point us at
the build or give us some more information about the error you are seeing.
I figured I'd ask for help first, before spamming this list with details :)
But, the failure is reproducible with mockbuild. Here's a scratch build
which failed: http://koji.fedoraproject.org/koji/taskinfo?taskID=16675312
I can check with the Node.js SIG (I didn't realize such a thing existed).
If you're planning to update from 1.11 to 1.12 then I would have to ask
if that is even appropriate in a released version anyway...
That's a good question. I'm not sure. It really depends on what API changes
upstream is making, and who depends on the js-jquery1 compat package. At
first, I would have said yes, to get the security fix for
https://bugzilla.redhat.com/show_bug.cgi?id=1399547 . However, I now
realize that the patch they had applied to 1.12 for that was never
released, and was instead reverted in all branches before 3.0, which isn't
even packaged (yet) in Fedora. So now, the options are to backport the fix
to the versions in Fedora... or to ignore the issue until we update to 3.0.
Even if we ignore, it doesn't resolve the question about what to do with
the compat packages for jquery1 (and maybe a future compat package for
Whether or not we upgrade or backport a security fix, I can't proceed at
all on the F24 branch right now.
Tom Hughes (tom(a)compton.nu)