Bug#1005328: RM: uglifyjs/2.8.29-8
[ adding Yadd as cc ] Quoting Sebastian Ramacher (2022-02-11 15:25:19) > On 2022-02-11 14:48:00 +0100, Jonas Smedegaard wrote: > > Quoting Sebastian Ramacher (2022-02-11 13:24:16) > > > Control: tags -1 moreinfo > > > > > > On 2022-02-11 12:08:52 +0100, Jonas Smedegaard wrote: > > > > Package: release.debian.org > > > > Severity: normal > > > > User: release.debian@packages.debian.org > > > > Usertags: rm > > > > X-Debbugs-Cc: Debian Javascript Maintainers > > > > > > > > > > > > uglifyjs v2 was last updated upstream in 2017, and has no real > > > > maintainer in Debian since December 2020 - see bug#958117 > > > > > > > > The package should not be released with bookworm, but may still have > > > > reverse (build-)dependencies, and I therefore request removal only from > > > > testing for now. Please advice if another approach is more sensible. > > > > > > So this is the same request as #968137. The current situation is: > > > > > > I: [2022-02-11T12:19:15+] - trying: -uglifyjs > > > I: [2022-02-11T12:19:15+] - skipped: -uglifyjs (0, 33, 62) > > > I: [2022-02-11T12:19:15+] - got: 123+0: > > > a-3:a-0:a-0:a-0:i-119:m-0:m-0:p-0:s-1 > > > I: [2022-02-11T12:19:15+] - * amd64: rails, ruby-uglifier > > > > Package requested for removal is src:uglifyjs, building binary package > > node-uglify which provides virtual package uglifyjs. > > > > Packages (build-)depending (unversioned or with only lower bounds) on > > "uglifyjs" should _not_ break: Such dependency is satisfied by package > > src:uglify-js, building binary package uglifyjs. > > > > (i.e. there are 2 packages, one with and one without dash) > > > > > > > Checking reverse dependencies... > > [ false positive satisfied by src:uglify-js snipped ] > > > > > ruby-uglifier: ruby-uglifier > > > > Current upstream code FTBFS with Uglifyjs: see bug#981224 > > > > v2 branch currently in Debian unstable last update upstream in 2015: > > https://github.com/lautis/uglifier/tags?after=v3.0.0 > > > > > > > # Broken Build-Depends: > > [ false positives satisfied by src:uglify-js snipped ] > > > > > class.js: node-uglify > > > > Bug#979888 > > > > > flightgear-phi: node-uglify > > > > Bug#979902 > > > > > jquery-coolfieldset: node-uglify > > > > Bug#979906 > > > > > jquery-lazyload: node-uglify > > > > Bug#979911 > > > > > jquery-reflection: node-uglify > > > > Bug#979907 > > > > > jquery-watermark: node-uglify > > > > Bug#979943 > > > > > jquery-caret.js: node-uglify > > > > Bug#979934 > > > > > jquery-simpletreemenu: node-uglify > > > > Bug#979940 > > > > > jquery-throttle-debounce: node-uglify > > > > Bug#979886 > > > > > raphael: node-uglify (>= 1.1.1-2~) > > > > Bug#979937 > > > > > ruby-rails-assets-favico.js: node-uglify > > > > Bug#979962 > > > > > ruby-rails-assets-jquery-fullscreen-plugin: node-uglify > > > > Bug#979955 > > > > > ruby-rails-assets-perfect-scrollbar: node-uglify > > > > Bug#979936 > > > > > ruby-uglifier: libjs-uglify > > > > (see reasons at build-dependency above) > > > > > slick: node-uglify > > > > Bug#979954 > > > > > sockjs-client: node-uglify (>= 2.0) > > > > Bug979958 > > > > > > > If you want to get uglifyjs removed from testing, there needs to > > > be an upgrade path to uglify-js 3.15.0 or all of these packages > > > need to be updated. So what's your plan here? > > > > I have no plan. What plan might be sensible? > > As I have no idea what uglifyjs is used for, I cannot tell you. If > it's a drop in replacement, update the build dependencies or establish > an upgrade path via transitional packages. If it's not, patch them. > > In the end, the above bugs need to be fixed to get uglifjs removed. @Yadd: You did the mass-filing - can I ask you to please bump severity, since the normal process of bumping _after_ a package releationship changes to be a FTBFS cannot be used here because src:uglifyjs is transitively a key package. Maybe my post to bug#979886 is useful for such followup mail. > > > > (I tried to get the package auto-kicked from testing by filing > > > > release-critical bug#958117 but evidently that didn't work.) > > > > > > uglifyjs is a key package, so auto-removal does not apply. > > > > What does "key package" mean? Simply that other packages > > (build-)depend on it, or perhaps some manually maintained list by > > the release team? > > > > If the latter, then please remove src:uglifyjs as key package and > > instead treat src:uglify-js as key package. > > You can check with the link Paul sent. It looks like other key > packages (there seems to be a path from reportbug via pytest to > uglifjs) build-depend on it. (Build)-Dependencies of key packages are > again key packages. So it will only be removed from the key package > list once those dependencies are fixed. Ah, thanks - now I understand how to use the link from Paul. Seems it is jquery-throttle-debounce that turns src:uglifyjs into a key package. I
Bug#1005328: RM: uglifyjs/2.8.29-8
On 2022-02-11 14:48:00 +0100, Jonas Smedegaard wrote: > Quoting Sebastian Ramacher (2022-02-11 13:24:16) > > Control: tags -1 moreinfo > > > > On 2022-02-11 12:08:52 +0100, Jonas Smedegaard wrote: > > > Package: release.debian.org > > > Severity: normal > > > User: release.debian@packages.debian.org > > > Usertags: rm > > > X-Debbugs-Cc: Debian Javascript Maintainers > > > > > > > > > uglifyjs v2 was last updated upstream in 2017, and has no real > > > maintainer in Debian since December 2020 - see bug#958117 > > > > > > The package should not be released with bookworm, but may still have > > > reverse (build-)dependencies, and I therefore request removal only from > > > testing for now. Please advice if another approach is more sensible. > > > > So this is the same request as #968137. The current situation is: > > > > I: [2022-02-11T12:19:15+] - trying: -uglifyjs > > I: [2022-02-11T12:19:15+] - skipped: -uglifyjs (0, 33, 62) > > I: [2022-02-11T12:19:15+] - got: 123+0: > > a-3:a-0:a-0:a-0:i-119:m-0:m-0:p-0:s-1 > > I: [2022-02-11T12:19:15+] - * amd64: rails, ruby-uglifier > > Package requested for removal is src:uglifyjs, building binary package > node-uglify which provides virtual package uglifyjs. > > Packages (build-)depending (unversioned or with only lower bounds) on > "uglifyjs" should _not_ break: Such dependency is satisfied by package > src:uglify-js, building binary package uglifyjs. > > (i.e. there are 2 packages, one with and one without dash) > > > > Checking reverse dependencies... > [ false positive satisfied by src:uglify-js snipped ] > > > ruby-uglifier: ruby-uglifier > > Current upstream code FTBFS with Uglifyjs: see bug#981224 > > v2 branch currently in Debian unstable last update upstream in 2015: > https://github.com/lautis/uglifier/tags?after=v3.0.0 > > > > # Broken Build-Depends: > [ false positives satisfied by src:uglify-js snipped ] > > > class.js: node-uglify > > Bug#979888 > > > flightgear-phi: node-uglify > > Bug#979902 > > > jquery-coolfieldset: node-uglify > > Bug#979906 > > > jquery-lazyload: node-uglify > > Bug#979911 > > > jquery-reflection: node-uglify > > Bug#979907 > > > jquery-watermark: node-uglify > > Bug#979943 > > > jquery-caret.js: node-uglify > > Bug#979934 > > > jquery-simpletreemenu: node-uglify > > Bug#979940 > > > jquery-throttle-debounce: node-uglify > > Bug#979886 > > > raphael: node-uglify (>= 1.1.1-2~) > > Bug#979937 > > > ruby-rails-assets-favico.js: node-uglify > > Bug#979962 > > > ruby-rails-assets-jquery-fullscreen-plugin: node-uglify > > Bug#979955 > > > ruby-rails-assets-perfect-scrollbar: node-uglify > > Bug#979936 > > > ruby-uglifier: libjs-uglify > > (see reasons at build-dependency above) > > > slick: node-uglify > > Bug#979954 > > > sockjs-client: node-uglify (>= 2.0) > > Bug979958 > > > > If you want to get uglifyjs removed from testing, there needs to be an > > upgrade path to uglify-js 3.15.0 or all of these packages need to be > > updated. So what's your plan here? > > I have no plan. What plan might be sensible? As I have no idea what uglifyjs is used for, I cannot tell you. If it's a drop in replacement, update the build dependencies or establish an upgrade path via transitional packages. If it's not, patch them. In the end, the above bugs need to be fixed to get uglifjs removed. > > > (I tried to get the package auto-kicked from testing by filing > > > release-critical bug#958117 but evidently that didn't work.) > > > > uglifyjs is a key package, so auto-removal does not apply. > > What does "key package" mean? Simply that other packages (build-)depend > on it, or perhaps some manually maintained list by the release team? > > If the latter, then please remove src:uglifyjs as key package and > instead treat src:uglify-js as key package. You can check with the link Paul sent. It looks like other key packages (there seems to be a path from reportbug via pytest to uglifjs) build-depend on it. (Build)-Dependencies of key packages are again key packages. So it will only be removed from the key package list once those dependencies are fixed. Cheers -- Sebastian Ramacher signature.asc Description: PGP signature
Bug#1005328: RM: uglifyjs/2.8.29-8
Quoting Sebastian Ramacher (2022-02-11 13:24:16) > Control: tags -1 moreinfo > > On 2022-02-11 12:08:52 +0100, Jonas Smedegaard wrote: > > Package: release.debian.org > > Severity: normal > > User: release.debian@packages.debian.org > > Usertags: rm > > X-Debbugs-Cc: Debian Javascript Maintainers > > > > > > uglifyjs v2 was last updated upstream in 2017, and has no real > > maintainer in Debian since December 2020 - see bug#958117 > > > > The package should not be released with bookworm, but may still have > > reverse (build-)dependencies, and I therefore request removal only from > > testing for now. Please advice if another approach is more sensible. > > So this is the same request as #968137. The current situation is: > > I: [2022-02-11T12:19:15+] - trying: -uglifyjs > I: [2022-02-11T12:19:15+] - skipped: -uglifyjs (0, 33, 62) > I: [2022-02-11T12:19:15+] - got: 123+0: > a-3:a-0:a-0:a-0:i-119:m-0:m-0:p-0:s-1 > I: [2022-02-11T12:19:15+] - * amd64: rails, ruby-uglifier Package requested for removal is src:uglifyjs, building binary package node-uglify which provides virtual package uglifyjs. Packages (build-)depending (unversioned or with only lower bounds) on "uglifyjs" should _not_ break: Such dependency is satisfied by package src:uglify-js, building binary package uglifyjs. (i.e. there are 2 packages, one with and one without dash) > Checking reverse dependencies... [ false positive satisfied by src:uglify-js snipped ] > ruby-uglifier: ruby-uglifier Current upstream code FTBFS with Uglifyjs: see bug#981224 v2 branch currently in Debian unstable last update upstream in 2015: https://github.com/lautis/uglifier/tags?after=v3.0.0 > # Broken Build-Depends: [ false positives satisfied by src:uglify-js snipped ] > class.js: node-uglify Bug#979888 > flightgear-phi: node-uglify Bug#979902 > jquery-coolfieldset: node-uglify Bug#979906 > jquery-lazyload: node-uglify Bug#979911 > jquery-reflection: node-uglify Bug#979907 > jquery-watermark: node-uglify Bug#979943 > jquery-caret.js: node-uglify Bug#979934 > jquery-simpletreemenu: node-uglify Bug#979940 > jquery-throttle-debounce: node-uglify Bug#979886 > raphael: node-uglify (>= 1.1.1-2~) Bug#979937 > ruby-rails-assets-favico.js: node-uglify Bug#979962 > ruby-rails-assets-jquery-fullscreen-plugin: node-uglify Bug#979955 > ruby-rails-assets-perfect-scrollbar: node-uglify Bug#979936 > ruby-uglifier: libjs-uglify (see reasons at build-dependency above) > slick: node-uglify Bug#979954 > sockjs-client: node-uglify (>= 2.0) Bug979958 > If you want to get uglifyjs removed from testing, there needs to be an > upgrade path to uglify-js 3.15.0 or all of these packages need to be > updated. So what's your plan here? I have no plan. What plan might be sensible? > > (I tried to get the package auto-kicked from testing by filing > > release-critical bug#958117 but evidently that didn't work.) > > uglifyjs is a key package, so auto-removal does not apply. What does "key package" mean? Simply that other packages (build-)depend on it, or perhaps some manually maintained list by the release team? If the latter, then please remove src:uglifyjs as key package and instead treat src:uglify-js as key package. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#1005328: RM: uglifyjs/2.8.29-8
Control: tags -1 moreinfo On 2022-02-11 12:08:52 +0100, Jonas Smedegaard wrote: > Package: release.debian.org > Severity: normal > User: release.debian@packages.debian.org > Usertags: rm > X-Debbugs-Cc: Debian Javascript Maintainers > > > uglifyjs v2 was last updated upstream in 2017, and has no real > maintainer in Debian since December 2020 - see bug#958117 > > The package should not be released with bookworm, but may still have > reverse (build-)dependencies, and I therefore request removal only from > testing for now. Please advice if another approach is more sensible. So this is the same request as #968137. The current situation is: I: [2022-02-11T12:19:15+] - trying: -uglifyjs I: [2022-02-11T12:19:15+] - skipped: -uglifyjs (0, 33, 62) I: [2022-02-11T12:19:15+] - got: 123+0: a-3:a-0:a-0:a-0:i-119:m-0:m-0:p-0:s-1 I: [2022-02-11T12:19:15+] - * amd64: rails, ruby-uglifier If one checks with dak: Will remove the following packages from testing: libjs-uglify | 2.8.29-8 | all node-uglify | 2.8.29-8 | all uglifyjs | 2.8.29-8 | source Maintainer: Debian Javascript Maintainers --- Reason --- -- Checking reverse dependencies... # Broken Depends: node-dryice: node-dryice ruby-uglifier: ruby-uglifier # Broken Build-Depends: angular.js: uglifyjs asciimathtml: uglifyjs autosize.js: uglifyjs awesomplete: uglifyjs backbone: uglifyjs (>= 3) bignumber.js: uglifyjs blockui: uglifyjs bootsidemenu.js: uglifyjs c3: uglifyjs chartkick.js: uglifyjs class.js: node-uglify coffeescript: uglifyjs d3: uglifyjs d3-tip.js: uglifyjs dask.distributed: uglifyjs elycharts.js: uglifyjs eonasdan-bootstrap-datetimepicker: uglifyjs explorercanvas: uglifyjs flightgear-phi: node-uglify flot: uglifyjs gettext.js: uglifyjs gitgraph.js: uglifyjs glowing-bear: uglifyjs highlight.js: uglifyjs jquery-areyousure: uglifyjs jquery-caret.js: node-uglify jquery-coolfieldset: node-uglify jquery-goodies: uglifyjs jquery-i18n.js: uglifyjs jquery-lazyload: node-uglify jquery-minicolors: uglifyjs jquery-reflection: node-uglify jquery-simpletreemenu: node-uglify jquery-throttle-debounce: node-uglify jquery-typeahead.js: uglifyjs jquery-ui-touch-punch.js: uglifyjs jquery-watermark: node-uglify jquery.sparkline: uglifyjs jqueryui: uglifyjs json-js: uglifyjs (>= 3) jsrender: uglifyjs jstimezonedetect.js: uglifyjs knowl.js: uglifyjs kytos-sphinx-theme: uglifyjs ldap-account-manager: uglifyjs leaflet: uglifyjs (>= 3) leaflet-geometryutil: uglifyjs leaflet-markercluster: uglifyjs (>= 3) lemonldap-ng: uglifyjs libjs-autolink: uglifyjs libjs-blazy: uglifyjs libjs-bootbox: uglifyjs (>= 3) libjs-chosen: uglifyjs (>= 2) libjs-cssrelpreload: uglifyjs libjs-dropzone: uglifyjs libjs-jquery-center: uglifyjs libjs-jquery-jstree: uglifyjs libjs-jquery-markitup: uglifyjs libjs-jquery-scrollto: uglifyjs libjs-jquery-timeago: uglifyjs libjs-jsxc: uglifyjs libjs-material-design-lite: uglifyjs libjs-qunit: uglifyjs (>= 3) libjs-sdp: uglifyjs (>= 3) libjs-term.js: uglifyjs libjs-webrtc-adapter: uglifyjs (>= 3) lightbox2.js: uglifyjs (>= 3.6.3) modernizr: uglifyjs moment-timezone.js: uglifyjs mustache.js: uglifyjs node-ansi-up: uglifyjs node-async: uglifyjs node-autolinker: uglifyjs node-big.js: uglifyjs node-bluebird: uglifyjs node-bootstrap-tour: uglifyjs node-browser-pack: uglifyjs node-browserify-lite: uglifyjs node-chart.js: uglifyjs node-chroma-js: uglifyjs node-deep-eql: uglifyjs node-dryice: uglifyjs node-es5-shim: uglifyjs node-es6-shim: uglifyjs node-eventemitter2: uglifyjs node-expect.js: uglifyjs node-fast-levenshtein: uglifyjs node-functional-red-black-tree: uglifyjs (>= 3) node-immutable-tuple: uglifyjs node-imurmurhash: uglifyjs node-inflected: uglifyjs node-is-typedarray: uglifyjs node-iscroll: uglifyjs node-jsonselect: uglifyjs node-katex: uglifyjs node-knockout: uglifyjs node-lodash: uglifyjs node-lunr: uglifyjs (>= 3) node-moment: uglifyjs node-mousetrap: uglifyjs node-n3: uglifyjs (>= 3) node-nouislider: uglifyjs (>= 3.13.0) node-pinkyswear: uglifyjs node-q: uglifyjs node-seedrandom: uglifyjs node-sink-test: uglifyjs node-sprintf-js: uglifyjs node-stable: uglifyjs node-turbolinks: uglifyjs node-tweetnacl: uglifyjs node-typedarray-to-buffer: uglifyjs node-umd: uglifyjs node-util: uglifyjs node-uuid: uglifyjs node-websocket: uglifyjs node-with: uglifyjs node-zrender: uglifyjs olm: uglifyjs (>= 3) openlayers: uglifyjs pegjs: uglifyjs polymake: uglifyjs prefixfree: uglifyjs prosody-modules: uglifyjs pympler: uglifyjs python-django-colorfield: uglifyjs queue-async: uglifyjs rainbow.js: uglifyjs raphael: node-uglify (>= 1.1.1-2~) requirejs: uglifyjs requirejs-text: uglifyjs reqwest: uglifyjs rickshaw: uglifyjs ruby-rails-assets-favico.js: node-uglify ruby-rails-assets-jquery-fullscreen-plugin: node-uglify ruby-rails-assets-perfect-scrollbar: node-uglify ruby-uglifier: libjs-uglify sax.js: uglifyjs science.js: uglifyjs select2.js:
Bug#1005328: RM: uglifyjs/2.8.29-8
Hi Jonas, On 11-02-2022 12:08, Jonas Smedegaard wrote: (I tried to get the package auto-kicked from testing by filing release-critical bug#958117 but evidently that didn't work.) That would work if uglifyjs was not a key-package. We can only remove it if that's no longer the case, and then autoremoval will do it's work. Have you filed bugs with revers (build) dependencies already? It needs to be fixed there. Paul https://udd.debian.org/cgi-bin/key_packages.yaml.cgi - reason: jquery-throttle-debounce build-depends node-uglify source: uglifyjs (Be aware, the above reason my not be the only one reason why it's in key packages, it's just the first that the script encountered) OpenPGP_signature Description: OpenPGP digital signature
Bug#1005328: RM: uglifyjs/2.8.29-8
Package: release.debian.org Severity: normal User: release.debian@packages.debian.org Usertags: rm X-Debbugs-Cc: Debian Javascript Maintainers -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 uglifyjs v2 was last updated upstream in 2017, and has no real maintainer in Debian since December 2020 - see bug#958117 The package should not be released with bookworm, but may still have reverse (build-)dependencies, and I therefore request removal only from testing for now. Please advice if another approach is more sensible. (I tried to get the package auto-kicked from testing by filing release-critical bug#958117 but evidently that didn't work.) - Jonas -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmIGQ8EACgkQLHwxRsGg ASGcbw//TF1/n+bTOHNqo2UR5/PNAs818+b7CN2uKH+xFXSY3seSnyE95DEHng7K 2rNOTgo7Io2mOvQ2ND+vE0niPqm/p1wwFl70q1Owl0TQ4Dibw5MniXjc55wwQxX4 8wfJY3c4xlLneeiIr9+AskrqbafonDrRTxCC+NAtvTSQSBgsPdOUDPG15umHwSu3 /sx6bfsmH/LzSw6L6/yiskys3C4CfA4FYlcPdKZK+gWkmb+VWdhn1T4hRaUAN2I8 HCuJFGQns7ckb7O/RwSnOkC5ct9c00P8Y1O1kEUxkrGlBmMEq0mIvlCEP63t31Ud ZtmJt/K4WQJ4G/IVfG4/dtcEomPGmZIn07CFEqOU9B1r++nubeCULiCa2Tc9WsmQ eTziPFTcX24lRQ+O69ukg5G+N5WHKKu9uHYacZJa9jdS6qe5TKp07IH+BwTe4w9E LyG8AegBAVjnJ8U68B+KWFXrdpAkcjv3En7IeU3vryUXNPsZr2b3go/Ac2XecdFX 268H9z2rlUiamWQ6bOUNW8DYRvHF7CFNlVJ0tfgyo1bLNNjKjEwCfkHsTSsXQOt5 8g0UkVc168m//PrXQlNWJLWUV4VT+p0QLQGoEC6ES6N61U0H8zVRBEu048b3DFs3 W0QBhZDHxyJUAm1MbiAnRGmzY4/dxkFs4uZmAXRU/zired3XnaM= =40Qo -END PGP SIGNATURE-