On 18/01/18 12:14, Carsten Agger wrote:
- However, I find containers to be black magic. How can you trust them
to be 100% free software if you don't build them yourself? I honestly don't know if Debian's packaging model is a perfect fit for distributing JavaScript, which is, I suppose, why people have come up with npm etc.
I don't think it is about whether Debian's model is perfect or not
Rather, it is about people taking one or more of the following shortcuts:
- they want to use build tools that don't exist in Debian because they
are not free software (e.g. jslint, jshint)
FWIW, none of these are build tools. These are just linting tools, that people use regardless of the packaging/build. I'm personally using ESLint, which is MIT licensed.
- they want to use other JavaScript libraries that are not free software
I understand you point in this thread in general, but using npm or not using Debian packages doesn't necessarily equals using non-free software.
- they don't want to spend time on little things like creating a proper
install directory for their files because they just hack on them in their web server directory
No developer touches a web server directory. At least not on a proper deployment workflow. This is why people use things like package.json and npm/yarn to describe dependencies in an server (and distribution) agnostic way. And then use something like Ansible for deployment.
- maybe they don't even release or version their code because they just
hack on it as they please
It depends. For instance projects like Discourse do version their code. If you are talking about a website, usually there is no need for versioning, especially if you are using a CI/CD workflow.
~nikos