Hi David! Sorry for the lateness - I'm currently devoid of free time, and my package maintainance status has suffered :(
> I just noticed that the collabtive package embeds its own copy of (at > least) HTMLPurifier (as available in the php-htmlpurifier package) and > phpseclib (as available in the php-seclib package). Right. Just please help me with this. There are two different questions I have on those libraries: - For php-seclib, after a quick diff, the version I currently have in Sid (0.3.8-1) seems clearly newer (and quite clearly, consisting mainly of bugfixes) than the one I'm shipping with Collabtive. I am unfamiliar with this library, so... In your experience, how incompatible would you expect a new version to be? Do you think I could just drop in the new one and not suffer too much? - As for php-htmlpurifier, it seems we are lucky as both packages carry 4.6.0. However, the one in Collabtive is a standalone file, stating in its header: * This file was auto-generated by generate-includes.php and includes all of * the core files required by HTML Purifier. Use this if performance is a * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS * FILE, changes will be overwritten the next time the script is run. So... Do you know what'd be the best way for this file to be replaced (or generated) from the package we are shipping? > It looks like most existing PHP classes used as dependencies are > currently symlinked. You may consider including them from where they > belong instead. I prefered symlinking as it requires less patching of the upstream code. But, of course, if the PHP packaging group's best practices are to patch, I will do so. Just please confirm!
signature.asc
Description: Digital signature
