On 18/01/18 12:14, Carsten Agger wrote:
- However, I find containers to be black magic. How can you trust them
to be 100% free software if you don't build them yourself? I honestly don't know if Debian's packaging model is a perfect fit for distributing JavaScript, which is, I suppose, why people have come up with npm etc.
I don't think it is about whether Debian's model is perfect or not
Rather, it is about people taking one or more of the following shortcuts:
- they want to use build tools that don't exist in Debian because they are not free software (e.g. jslint, jshint)
- they want to use other JavaScript libraries that are not free software
- they don't want to spend time on little things like creating a proper install directory for their files because they just hack on them in their web server directory
- maybe they don't even release or version their code because they just hack on it as they please
- they like to cut and paste bits of JavaScript from other sites without checking the license
If an organization like FSFE wants to know that the software, dependencies and build tools are all really free software then the "shortcut" to take is to use a Debian package because then you know somebody has checked all those things.
Regards,
Daniel