> On 18/01/18 12:14, Carsten Agger wrote: > >> 2. However, I find containers to be black magic. How can you trust them >> to be 100% free software if you don't build them yourself? I honestly >> don't know if Debian's packaging model is a perfect fit for distributing >> JavaScript, which is, I suppose, why people have come up with npm etc. > > I don't think it is about whether Debian's model is perfect or not > > Rather, it is about people taking one or more of the following shortcuts: > > - they want to use build tools that don't exist in Debian because they > are not free software (e.g. jslint, jshint)
FWIW, none of these are build tools. These are just linting tools, that people use regardless of the packaging/build. I'm personally using ESLint, which is MIT licensed. > - they want to use other JavaScript libraries that are not free software I understand you point in this thread in general, but using npm or not using Debian packages doesn't necessarily equals using non-free software. > - they don't want to spend time on little things like creating a proper > install directory for their files because they just hack on them in > their web server directory No developer touches a web server directory. At least not on a proper deployment workflow. This is why people use things like package.json and npm/yarn to describe dependencies in an server (and distribution) agnostic way. And then use something like Ansible for deployment. > - maybe they don't even release or version their code because they just > hack on it as they please It depends. For instance projects like Discourse do version their code. If you are talking about a website, usually there is no need for versioning, especially if you are using a CI/CD workflow. ~nikos _______________________________________________ Discussion mailing list Discussion@lists.fsfe.org https://lists.fsfe.org/mailman/listinfo/discussion