[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: NPM and trusted binaries
|
From: |
Jelle Licht |
|
Subject: |
Re: NPM and trusted binaries |
|
Date: |
Thu, 08 Sep 2016 10:29:13 +0200 |
|
User-agent: |
mu4e 0.9.16; emacs 24.5.1 |
Just a quick note from me;
AFAIK, the http module is a built-in of node, so you can probably save
yourselves the efforts of packaging it ;-).
Furthermore, lots of development dependencies are not strictly
necessary; e.g. a minifier/uglifier is not required for most
functionality of a package, and ditto for linters and to a certain
extent test frameworks, at least for our initial set of node packages.
This initial set of packages can then (hopefully) be used to package the
rest of npm properly, including tests etc.
The biggest issue here is that an importer can not decide for you which
devDependency is actually is needed to properly build a source archive,
and which just provides convenience functions. The importer should
become more useful when we have a solid set of npm packages in guix.
Before that, the importer will probably be useful to a lesser degree for
any packages besides the most trivial.
Regarding feasibility and its weight, I would say that a simple
transformation such as concatenating files should not be an issue,
whereas more involved transformations such as tree shaking,
uglification, or tranpilation do involve a transformation that take away
much of our freedoms to modify the software, at least in practice.
- Jelle
Pjotr Prins <address@hidden> writes:
> On Wed, Sep 07, 2016 at 07:51:46PM +0200, Jan Nieuwenhuizen wrote:
>> Ludovic Courtès writes:
>>
>> >> Still, I think Guix would benefit from a somewhat more relaxed stance
>> >> in this.
>> >
>> > It’s part of Guix’s mission to build from source whenever that is
>> > possible, which is the case here, AIUI.
>
> Mission is fine and I agree with that (in principle).
>
>> WDYT, do we have enough information to decide if building from `source'
>> the right metaphor? Is it pracically feasible and does feasibilty have
>> any weight? What's the next step I could take to help to bring `q' and
>> `http' (and the other 316 packages I need) into Guix?
>
> I think we are clear we do not want binaries in the main project
> unless there is no way to do it from source.
>
> Personally I think we should be easier on ourselves which implies that
> we get multiple flavours of Guix.
>
> Another reason to make 'guix channels' work.
>
> Pj.
- Re: GSoC NPM, Jan Nieuwenhuizen, 2016/09/02
- Re: GSoC NPM, Thompson, David, 2016/09/02
- Re: GSoC NPM, Jelle Licht, 2016/09/02
- Re: GSoC NPM, Jan Nieuwenhuizen, 2016/09/04
- Re: GSoC NPM, Thompson, David, 2016/09/06
- NPM and trusted binaries, Pjotr Prins, 2016/09/06
- Re: NPM and trusted binaries, Ludovic Courtès, 2016/09/07
- Re: NPM and trusted binaries, Jan Nieuwenhuizen, 2016/09/07
- Re: NPM and trusted binaries, Pjotr Prins, 2016/09/08
- Re: NPM and trusted binaries,
Jelle Licht <=
- Re: NPM and trusted binaries, Mike Gerwitz, 2016/09/07
- Re: NPM and trusted binaries, Jan Nieuwenhuizen, 2016/09/08
- Re: NPM and trusted binaries, Mike Gerwitz, 2016/09/08
- Re: NPM and trusted binaries, Jan Nieuwenhuizen, 2016/09/08
- Re: NPM and trusted binaries, Mike Gerwitz, 2016/09/08
- Re: NPM and trusted binaries, Ludovic Courtès, 2016/09/09
- Re: NPM and trusted binaries, Pjotr Prins, 2016/09/09