Recently a number of reviews of Node.js packages that I have been involved in, both as a submitter and as a reviewer, have run into an issue with code that has been copied from elsewhere.
A couple of things I'm reviewing that are blocked on this:
nodejs-vows - https://bugzilla.redhat.com/show_bug.cgi?id=911229 nodejs-should - https://bugzilla.redhat.com/show_bug.cgi?id=911188
One of my packages with a similar problem:
nodejs-oauth - https://bugzilla.redhat.com/show_bug.cgi?id=914924
and a post-review ticket relating to one that slipped through:
nodejs-deep-equal - https://bugzilla.redhat.com/show_bug.cgi?id=915082
None of these are strictly a bundled library in the sense of having a copy of a complete package - each is a case of copying a file, or even just a single function, from another source.
The question I have is whether this amounts to bundling that needs to be resolved and/or granted an exception? or can it pass review as is?
Thanks for any advice you can offer,
Tom
On Sun, Mar 3, 2013 at 11:02 AM, Tom Hughes tom@compton.nu wrote:
Recently a number of reviews of Node.js packages that I have been involved in, both as a submitter and as a reviewer, have run into an issue with code that has been copied from elsewhere.
A couple of things I'm reviewing that are blocked on this:
nodejs-vows - https://bugzilla.redhat.com/**show_bug.cgi?id=911229https://bugzilla.redhat.com/show_bug.cgi?id=911229 nodejs-should - https://bugzilla.redhat.com/**show_bug.cgi?id=911188https://bugzilla.redhat.com/show_bug.cgi?id=911188
One of my packages with a similar problem:
nodejs-oauth - https://bugzilla.redhat.com/**show_bug.cgi?id=914924https://bugzilla.redhat.com/show_bug.cgi?id=914924
and a post-review ticket relating to one that slipped through:
nodejs-deep-equal - https://bugzilla.redhat.com/**show_bug.cgi?id=915082https://bugzilla.redhat.com/show_bug.cgi?id=915082
None of these are strictly a bundled library in the sense of having a copy of a complete package - each is a case of copying a file, or even just a single function, from another source.
The question I have is whether this amounts to bundling that needs to be resolved and/or granted an exception? or can it pass review as is?
Thanks for any advice you can offer,
What do the answers to these questions give you?
https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Standard_quest...
-J
Tom
-- Tom Hughes (tom@compton.nu) http://compton.nu/ -- packaging mailing list packaging@lists.fedoraproject.**org packaging@lists.fedoraproject.org https://admin.fedoraproject.**org/mailman/listinfo/packaginghttps://admin.fedoraproject.org/mailman/listinfo/packaging
On 04/03/13 15:21, Jon Ciesla wrote:
On Sun, Mar 3, 2013 at 11:02 AM, Tom Hughes <tom@compton.nu mailto:tom@compton.nu> wrote:
The question I have is whether this amounts to bundling that needs to be resolved and/or granted an exception? or can it pass review as is? Thanks for any advice you can offer,What do the answers to these questions give you?
https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Standard_quest...
Well I'm sure each case will have different answers to at least some of those, but as I understand it those are only directly relevant when applying for an exception anyway.
So I suppose that does answer my question in that it sounds like you think this is bundling that needs to be resolved or an exception applied for so I shall proceed on that basis.
The biggest issue is probably the _deepEqual routine, which is a private function in Node's core that has been copied into an extension package (packaged as nodejs-deep-equal) to make it available to other extensions - that has already been approved. When this was questioned the owner said that as it was a "fork" of the core no exception was needed though I'm not sure what in the guidelines allow this.
It has also been copied into several other test frameworks which have in many cases then customised it to reflect their ideas of what should and should not be considered "equal" when comparing two objects.
Tom
None of these are strictly a bundled library in the sense of having a
copy of a complete package - each is a case of copying a file, or even just a single function, from another source.
We (FPC) had talked about code fragments being bundled at one time and I'm pretty sure we wanted to be lenient. However, I can't seem to find the wording in the guideline about it.... One possibility is that we made the idea of code fragments a reason to grant exceptions rather than a reason you don't have to get an exception. Perhaps
My suggestion would be to open an exception request and mention that these are code fragments (with whatever details you can find)... Hopefully one of the other FPC members will remember more details about this and we'll be able to grant it (and make that portion of the guideline more visible). -Toshio
packaging@lists.fedoraproject.org
-
Jon Ciesla -
Tom Hughes -
Toshio Kuratomi