Hacker News new | past | comments | ask | show | jobs | submit login

I'm surprised the option of moving the package to contrib got so little support. Many of these packages don't seem a good fit for Debian stable and its security-patch model.



contrib is for software that doesn't fit into a fully FOSS ecosystem. It's not for sidestepping security or quality concerns.

I wouldn't want to see FOSS with no proprietary dependencies stuffed into contrib because of packaging issues.


ArchiveBox is fully FOSS but is almost unpackagable on stable because it depends on a mix of both pip, packages, npm, and chromium (which is only distributed via snap).

The core value provided by ArchiveBox is the integration of these disparate tools into a single UX, so it's stuck in contrib/ppa for the foreseeable future.

This is just one example of a FOSS package that doesn't fit neatly into Debian's distribution model, but there are many others.


It is hard to audit DFSG compliance for software whose build process pulls in dependencies at run time.


then.. they should just make a new "vendored" repo for that kind of software ?




Consider applying for YC's Summer 2025 batch! Applications are open till May 13

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: