Re: jquery 3.1.1

From: Ludovic Courtès
Subject: Re: jquery 3.1.1
Date: Fri, 20 Jan 2017 22:14:42 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux)


Mike Gerwitz <address@hidden> writes:

> On Thu, Jan 19, 2017 at 21:48:44 +0100, Catonano wrote:
>> Anyway, now I have a COMPLETE graph of the dependencies of jquery 3.1.1
>> It's made of
>> 47311 vertices and
>> 324569 edges
> lol...
>> Anyway, these broken packages pose a challenge to the mission of porting
>> Jquery into Guix, in my opinion,
> My greater concern is verifying licenses: that'd have to be considered
> in the DAG (...I hope it's a DAG; who knows what those node packages
> might be doing!) to flag potential problems.  The JS community is pretty
> lax on licensing (in both the permissive sense and the I-don't-care
> sense); the license might not be correct or might be missing
> entirely.  Or might not match what's in the source files.
> Verifying that many dependencies is going to be a challenge for an
> automated system; we'd want humans to look at many of them too to make
> sure things aren't fishy. :x  The problem is that one single dependency
> that's mischaracterized as free---even if it's one of the
> single-function packages---can destroy an entire project (e.g. jQuery).

Indeed, that’s terrible.

(One could argue that single-function packages are “trivial” from a
copyright standpoint.  Then the subset of the npm repo containing those
trivial packages could be viewed as a database of “facts” (which, in
some jurisdiction, is covered by a “sui generis” right disjoint from

>> One last fun fact: while I was watching the output flowing in my terminal,
>> I saw a package called
>> "broccoli-funnel"
> Ah, they missed a really good logo opportunity!



