https://bugzilla.redhat.com/show_bug.cgi?id=1879291 --- Comment #7 from Ankur Sinha (FranciscoD) <sanjay.ankur@xxxxxxxxx> --- (In reply to Charalampos Stratakis from comment #6) > <snip>> > [?]: Package contains no bundled libraries without FPC exception. > > There are some files with which have a license somewhere in the middle and > they mention other libraries there. For example on > bokeh/server/static/js/bokeh-widgets.legacy.js I see: > > 535: /* flatpickr/dist/flatpickr.js */ function _(require, module, exports) { > /* flatpickr v4.6.3, @license MIT */ > > I am not very familiar with javascript code. Would flatpickr in this case be > considered a bundled library? > Thanks Charalampos. I'll have to check on this too. From the looks of it, the pypi tar includes the built version of bokehjs, which bundles a bunch of node js libraries. These are included here in the package-lock.json file (the ones that aren't dev ones are what I'll have to look at): https://github.com/bokeh/bokeh/blob/0b9526ef553d938bf5de187e2511564c648c13bd/bokehjs/package-lock.json This is the whole dep tree, though. So are we required to include all of these as bundled(...), or do we grep the sources to see which of these are actually bundled and only include those? I think the latter perhaps, but js files are notoriously hard to go through. I'll go enquire on the -devel list. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx
