Hi folks,
We weren't really sure where to file this but thought FESCo could be the starting point.
The context here is that there are a number of Python packages that the Neuro-SIG maintains that include JS bits (python-bokeh, python-plotly). They JS bits are npm/node ecosystem based and we're unsure if these packages can remain in Fedora, and if they can, what must be done.
The NodeJS guidelines say:
https://docs.fedoraproject.org/en-US/packaging-guidelines/Node.js/
You can provide a package that uses nodejs, but you should bundle all the nodejs libraries that are needed.
However, discussions in the devel list suggest that it isn't that simple. One must at least do:
There's a script that helps with building all the npm packages from source. However, the script does not seem to remove everything, things like minified js/css, and bundled fonts and so on.
So, while in theory the script does build the npm bits from source, in practice, one does have to remove all the other bits recursively in the dependency tree---which is rarely doable.
Could FESCo please clarify what is the bar for inclusion of such packages, and perhaps indicate how the guidelines need to be updated to match this bar?
CC: @music @gui1ty
I think we should maintain some level of pragmatism here. There are various packages which have embedded JS e.g. somewhere deep in the html version of the documentation, and this JS is some copied version, possibly with local modifications, but most people don't consider this important, and I think it's fine to use those "assets" as delivered by the package upstream. Of course, normal license checking rules apply, so the license must be known and appropriate for Fedora. But if upstream declares some license for the whole project, or the documentation part of the project, then we can assume that it's specified correctly. OTOH, if the JS part is not some minor thing, but the main part of the package, then we should be strict and rebuild everything from source.
For example, we keep bundled JS in https://src.fedoraproject.org/rpms/jupyterlab and we always did (it used to be bundled in python-notebook before).
Also related is the bundling for sphinx/doxygen generated bits (@music includes an analysis in this review : https://bugzilla.redhat.com/show_bug.cgi?id=2006555 )
@churchyard @zbyszek : I guess the question is in multiple parts:
Metadata Update from @humaton: - Issue tagged with: meeting
This was discussed during the FESCo meeting on 2024-03-18:
AGREED: Packages containing JavaScript should make the best effort to regenerate any precompiled/pre-minimized JS wherever possible, as this leads to more maintainable packages. Where this would result in a significant hardship, the bundled pregenerated JS may be shipped. This does not eliminate the requirement to validate licenses of bundled code. (+5, 0, -0)
FPC ticket https://pagure.io/packaging-committee/issue/1343
Metadata Update from @zbyszek: - Issue untagged with: meeting - Issue tagged with: document it
Metadata Update from @sgallagh: - Issue close_status updated to: Accepted - Issue status updated to: Closed (was: Open)
Metadata Update from @zbyszek: - Issue status updated to: Open (was: Closed)
Let's track this in https://pagure.io/packaging-committee/issue/1343.
Metadata Update from @zbyszek: - Issue untagged with: document it - Issue close_status updated to: Accepted - Issue status updated to: Closed (was: Open)
Commit 889df8ad relates to this ticket
https://pagure.io/packaging-committee/c/889df8ad
Log in to comment on this ticket.