From: Mike Gerwitz
Subject: Re: jquery 3.1.1
Date: Fri, 20 Jan 2017 01:04:59 -0500
Message-ID: <874m0u8dx0.fsf@gnu.org>
To: Catonano
Cc: guix-devel

On Thu, Jan 19, 2017 at 21:48:44 +0100, Catonano wrote:
> Anyway, now I have a COMPLETE graph of the dependencies of jquery 3.1.1
>
> It's made of
> 47311 vertices and
> 324569 edges

lol...

> Anyway, these broken packages pose a challenge to the mission of porting
> Jquery into Guix, in my opinion,

My greater concern is verifying licenses: that'd have to be considered in the DAG (...I hope it's a DAG; who knows what those node packages might be doing!) to flag potential problems. The JS community is pretty lax on licensing (in both the permissive sense and the I-don't-care sense); the license might not be correct or might be missing entirely. Or might not match what's in the source files. Verifying that many dependencies is going to be a challenge for an automated system; we'd want humans to look at many of them too to make sure things aren't fishy. :x

The problem is that one single dependency that's mischaracterized as free---even if it's one of the single-function packages---can destroy an entire project (e.g. jQuery). For some packages, this task is feasible.

> The code is here
> https://gitlab.com/humanitiesNerd/Culturia

Thanks for all the hard work you've put into this. I admit that I don't have the time to read into it much right now, but I'll certainly be following progress on this list.

> One last fun fact: while I was watching the output flowing in my terminal,
> I saw a package called
>
> "broccoli-funnel"

Ah, they missed a really good logo opportunity!

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05
Old: 2217 5B02 E626 BC98 D7C0 C2E5 F22B B815 8EE3 0EAB
https://mikegerwitz.com
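
The license check discussed in this message, as an added example (not code from the thread, from Culturia or from Guix): walk the dependency graph from a root package, report any cycle, and list every reachable package whose license is missing, not on an allowlist, or contradicted by its source files, together with the path that pulls it in. The package names, the metadata fields (`license`, `source`, `deps`), the allowlist and the function name `auditLicenses` are assumptions constructed for illustration.

```javascript
// Constructed sample: package -> declared license, license found in source, deps.
const SAMPLE = {
  "app":     { license: "MIT",        source: "MIT",          deps: ["left", "right"] },
  "left":    { license: "Apache-2.0", source: "Apache-2.0",   deps: ["tiny-fn"] },
  "right":   { license: "MIT",        source: "MIT",          deps: ["tiny-fn", "loop-a"] },
  "tiny-fn": { license: null,         source: null,           deps: [] },
  "loop-a":  { license: "MIT",        source: "CC-BY-NC-4.0", deps: ["loop-b"] },
  "loop-b":  { license: "MIT",        source: "MIT",          deps: ["loop-a"] },
};

// Assumed allowlist for this example; a real policy comes from the distribution.
const FREE = new Set(["MIT", "Apache-2.0", "BSD-3-Clause", "GPL-3.0-or-later"]);

function auditLicenses(graph, root, free = FREE) {
  const state = new Map();              // name -> "visiting" | "done"
  const problems = Object.create(null); // name -> { reason, via: first path from root }
  const cycles = [];                    // each entry is a path that returns to its first node
  const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

  // Recursive DFS for brevity; a very deep graph would need an explicit stack.
  function visit(name, path) {
    const here = path.concat(name);
    if (state.get(name) === "visiting") {   // back edge: the graph is not a DAG
      cycles.push(here.slice(here.indexOf(name)));
      return;
    }
    if (state.has(name)) return;            // already audited via another path
    state.set(name, "visiting");
    const node = has(graph, name) ? graph[name] : null;
    let reason = null;
    if (!node) reason = "no metadata";
    else if (!node.license) reason = "license missing";
    else if (!free.has(node.license)) reason = "not on allowlist: " + node.license;
    else if (node.source && node.source !== node.license)
      reason = "declared " + node.license + " but source says " + node.source;
    if (reason) problems[name] = { reason, via: here };
    for (const dep of (node && node.deps) || []) visit(dep, here);
    state.set(name, "done");
  }

  visit(root, []);
  // One flagged package anywhere below the root makes the root unclean.
  return { audited: state.size, problems, cycles,
           rootIsClean: Object.keys(problems).length === 0 };
}

console.log(JSON.stringify(auditLicenses(SAMPLE, "app"), null, 2));
```

Everything in `problems` and `cycles` is the short list to hand to a human reviewer; an automated pass like this only narrows where to look.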