Re: [Pkg-javascript-devel] Plan for legacy rollup plugins in bullseye (was Re: node-rollup-plugin-inject 4.0.2+~3.0.2-1 MIGRATED to testing)

Sun, 25 Oct 2020 03:58:13 -0700 

Quoting Xavier (2020-10-25 11:27:55)
> Le 25/10/2020 à 09:06, Pirate Praveen a écrit :
> > 
> > On 2020, ഒക്‌ടോബർ 25 10:09:13 AM IST, Debian testing watch 
> > <nore...@release.debian.org> wrote:
> >> FYI: The status of the node-rollup-plugin-inject source package
> >> in Debian's testing distribution has changed.
> >>
> >>  Previous version: (not in testing)
> >>  Current version:  4.0.2+~3.0.2-1
> > 
> > Are we going to maintain legacy versions of these plugins in bullseye? I 
> > agree adding them makes the transition easier, but removing the legacy 
> > copies should also be part of the plan to avoid maintaining multiple 
> > versions of these plugins.
> 
> Hi,
> 
> you're right, however there are a lot of outdated modules in JS Team
> packages, and these rollup plugins have no known vulnerabilities.
> 
> We can also facilitate transition using this way (using experimental of
> course):
>  * remove legacy module from any node-rollup-plugin-*
>  * insert our own legacy modules in them including just:
>    * /usr/share/nodejs/rollup-plugin-foo/package.json
> 
>      { "name":"rollup-plugin-foo",
>        "main":"index.js",
>        "dependencies":{
>          "@rollup/plugin-foo": "*"
>        }
>      }
> 
>    * /usr/share/nodejs/rollup-plugin-foo/index.js
> 
>      module.export = require("@rollup/plugin-foo");
> 
> Note that transition of node-rollup-plugin-commonjs won't be easy
> (remember 10.0.1+really.9.2.0). Same for node-rollup-plugin-node-resolve

Do I understand you correctly that you propose to ship legacy library 
embedded with consuming packages?

That seems backwards to me - what would be the benefit?

I think it is better to ship legacy library with non-legacy library, to 
ease tracking of its continued need and maintain it where there is most 
knowledge about the library, but I may be missing something...


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Attachment: signature.asc
Description: signature

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to