Quoting Xavier (2020-10-25 11:27:55) > Le 25/10/2020 à 09:06, Pirate Praveen a écrit : > > > > On 2020, ഒക്ടോബർ 25 10:09:13 AM IST, Debian testing watch > > <nore...@release.debian.org> wrote: > >> FYI: The status of the node-rollup-plugin-inject source package > >> in Debian's testing distribution has changed. > >> > >> Previous version: (not in testing) > >> Current version: 4.0.2+~3.0.2-1 > > > > Are we going to maintain legacy versions of these plugins in bullseye? I > > agree adding them makes the transition easier, but removing the legacy > > copies should also be part of the plan to avoid maintaining multiple > > versions of these plugins. > > Hi, > > you're right, however there are a lot of outdated modules in JS Team > packages, and these rollup plugins have no known vulnerabilities. > > We can also facilitate transition using this way (using experimental of > course): > * remove legacy module from any node-rollup-plugin-* > * insert our own legacy modules in them including just: > * /usr/share/nodejs/rollup-plugin-foo/package.json > > { "name":"rollup-plugin-foo", > "main":"index.js", > "dependencies":{ > "@rollup/plugin-foo": "*" > } > } > > * /usr/share/nodejs/rollup-plugin-foo/index.js > > module.export = require("@rollup/plugin-foo"); > > Note that transition of node-rollup-plugin-commonjs won't be easy > (remember 10.0.1+really.9.2.0). Same for node-rollup-plugin-node-resolve
Do I understand you correctly that you propose to ship legacy library embedded with consuming packages? That seems backwards to me - what would be the benefit? I think it is better to ship legacy library with non-legacy library, to ease tracking of its continued need and maintain it where there is most knowledge about the library, but I may be missing something... - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
-- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel