[TIP] Disable keyboard shortcuts in html coverage reports?
barry at python.org
Tue Mar 4 17:40:19 PST 2014
On Mar 05, 2014, at 02:22 PM, Thomi Richards wrote:
>The first two would fix the problem for users grabbing coverage from pypi,
>but we'd need to remove the distro-patch from the Ubuntu packages (but I
>can take care of that). The third option is a bit more dicey - I'm not
>convinced that the package is outright broken, merely incompatible with
Note that I'm working with the Debian maintainer of coverage, as the sponsor
for his maintenance of the package in Debian. I've pointed him to this thread
and would like to get his feedback. Ideally, we'd fix the problem in Debian
rather than carry an Ubuntu delta.
It's true that the preference is to use the system libraries instead of
"vendorizing" your dependencies. This case shows us why it's perfectly
reasonable for upstreams such as coverage to want to vendorize. The distro
position also makes sense: vendorizing any dependency makes it harder to
maintain, and to fix security issues, etc. I've seen many examples of
vendorized libraries, and with my distro maintainer hat on, it pains me every
I'm not sure there is a perfect solution in this particular case. I think
it's generally unreasonable for distros to impose more work on upstreams.
Ultimately, it's the distro package maintainer's responsibility to make the
package work correctly in the distro, by whatever reasonable means necessary.
This could mean developing patches for the package and sharing them with
upstream. (Of course, upstreams have every right to refuse such patches, as
they have a wider audience than just one or a few particular distros.) It
could also mean working with the maintainer of the dependency to ensure that a
compatible version is available in the distro. Or it might mean biting the
bullet and justifying to their sponsor and fellow distro maintainers, that
vendorizing is the best of the worst options.
In this particular case, I'm on the fence. If it's possible to make coverage
preferred. If that's not feasible, I'd accept vendorized JS libraries in this
case, as long as the maintainer (perhaps in cooperation with the coverage
developers) promised to be diligent about tracking bugs and especially
security issues in the vendorized libraries.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: not available
More information about the testing-in-python