| From: |
| "Andrew M.A. Cater" <amacater-AT-galactic.demon.co.uk> |
| To: |
| debian-devel-AT-lists.debian.org |
| Subject: |
| Re: Lots and lots of tiny node.js packages |
| Date: |
| Wed, 2 Nov 2016 07:41:17 +0000 |
| Message-ID: |
| <20161102074117.GA7099@galactic.demon.co.uk> |
| Cc: |
| Ian Jackson <ijackson-AT-chiark.greenend.org.uk>, Sruthi Chandran <srud-AT-disroot.org>, Pirate Praveen <praveen-AT-debian.org> |
On Wed, Nov 02, 2016 at 12:04:27AM +0100, Marco d'Itri wrote:
> On Nov 01, Ian Jackson <ijackson@chiark.greenend.org.uk> wrote:
>
> > Can you explain why you don't aggregate these into bigger packages,
> > for use in Debian ?
> Because the node.js ecosystem is toxic and broken in encouraging
> relasing software which embeds very specific versions of lots of tiny
> libraries, and because Debian is ideologically against duplicating code
> in different packages and build systems downloading code ad built time.
>
> --
> ciao,
> Marco
I have to agree with Marco on this from a position of being a watcher on
the side rather than an active developer of much from Ruby on Rails / NPM
(and, earlier, helping to support users of the Maven build ecosystem).
NPM and Node is probably the worst offender - but there's a huge tendency
to create "magic environments" which pull in random bits of code to build
your software. Most Node bits are tiny - occasionally they'll break ABI /
versioning and everything else. This isn't the idea of a stable Debian package.
Ruby on Rails is also pretty much the same - Maven was and is the same, with
the added complication of difficulty of knowing what you get in millions and
millions of parts when the build system hides dependencies and is automagic.
Not everyone is well disciplined: most Linux distributions seem to have
given up in disgust so we have parallel ecosystems which don't trust or
understand the other - but you need a Linux distribution to be able to run it.
Meh
All the best
Andy C.
