[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: jquery 3.1.1

From: Mike Gerwitz
Subject: Re: jquery 3.1.1
Date: Fri, 20 Jan 2017 01:04:59 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)

On Thu, Jan 19, 2017 at 21:48:44 +0100, Catonano wrote:
> Anyway, now I have a COMPLETE graph of the dependencies of jquery 3.1.1
> It's made of
> 47311 vertices and
> 324569 edges


> Anyway, these broken packages pose a challenge to the mission of porting
> Jquery into Guix, in my opinion,

My greater concern is verifying licenses: that'd have to be considered
in the DAG (...I hope it's a DAG; who knows what those node packages
might be doing!) to flag potential problems.  The JS community is pretty
lax on licensing (in both the permissive sense and the I-don't-care
sense); the license might not be correct or might be missing
entirely.  Or might not match what's in the source files.

Verifying that many dependencies is going to be a challenge for an
automated system; we'd want humans to look at many of them too to make
sure things aren't fishy. :x  The problem is that one single dependency
that's mischaracterized as free---even if it's one of the
single-function packages---can destroy an entire project (e.g. jQuery).

For some packages, this task is feasible.

> The code is here

Thanks for all the hard work you've put into this.  I admit that I don't
have the time to read into it much right now, but I'll certainly be
following progress on this list.

> One last fun fact: while I was watching the output flowing in my terminal,
> I saw a package called
> "broccoli-funnel"

Ah, they missed a really good logo opportunity!

Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
Old: 2217 5B02 E626 BC98 D7C0  C2E5 F22B B815 8EE3 0EAB

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]