On Mon, Nov 07, 2011 at 09:16:21PM +0100, Vincent Danjean wrote:
> Le 07/11/2011 20:03, Bastian Blank a écrit :
> >On Mon, Nov 07, 2011 at 06:12:42PM +, Ian Jackson wrote:
> >> * JS library packages should be versioned in the name, like C runtime
> >>library packages are, so that multiple
Le 07/11/2011 20:03, Bastian Blank a écrit :
On Mon, Nov 07, 2011 at 06:12:42PM +, Ian Jackson wrote:
* JS library packages should be versioned in the name, like C runtime
library packages are, so that multiple versions are coinstallable.
Why not _one_ package per lib and multiple (a
On Mon, Nov 07, 2011 at 06:12:42PM +, Ian Jackson wrote:
> * JS library packages should be versioned in the name, like C runtime
>library packages are, so that multiple versions are coinstallable.
Why not _one_ package per lib and multiple (a sane number of) versions
in it? The security t
Pau Garcia i Quiles writes ("Re: Dealing with embedded javascript libraries"):
> On Thu, Oct 27, 2011 at 1:28 AM, Ian Jackson
> wrote:
> > The difficulty is that if we end up with ten different versions of
> > some random javascript library, when it turns out to have
Michael Gilbert escreveu isso aí:
> On Wed, Oct 26, 2011 at 6:55 PM, Zygmunt Krynicki wrote:
> > Is there anyone that would like to mentor me for a while to help me get
> > started? I'm quite interested in solving this problem.
>
> You can certainly work on anything in Debian (including this) and
W dniu 31.10.2011 14:49, Pau Garcia i Quiles pisze:
On Thu, Oct 27, 2011 at 1:28 AM, Ian Jackson
wrote:
The difficulty is that if we end up with ten different versions of
some random javascript library, when it turns out to have a security
vulnerability we need to somehow backport the patch t
On Thu, Oct 27, 2011 at 1:28 AM, Ian Jackson
wrote:
> The difficulty is that if we end up with ten different versions of
> some random javascript library, when it turns out to have a security
> vulnerability we need to somehow backport the patch to each of those
> ten versions.
>
> And here "we"
* Raphael Hertzog , 2011-10-26, 18:47:
For instance I just noticed that we can't install new widgets with
the current wordpress package due to some javascript related problem.
I'm not familiar enough with the codebase to investigate it easily. I
can't ask upstream about it because it works wit
On Thu, Oct 27, 2011 at 7:28 AM, Ian Jackson wrote:
> The difficulty is that if we end up with ten different versions of
> some random javascript library, when it turns out to have a security
> vulnerability we need to somehow backport the patch to each of those
> ten versions.
>
> And here "we" m
On Wed, Oct 26, 2011 at 6:55 PM, Zygmunt Krynicki wrote:
> Is there anyone that would like to mentor me for a while to help me get
> started? I'm quite interested in solving this problem.
You can certainly work on anything in Debian (including this) and
present your work to mentors [0] and/or the
Michael Gilbert writes ("Re: Dealing with embedded javascript libraries"):
> There isn't any real technical factor limiting the number of versions
> to one. Theoretically, there could both jquery1.4 and jquery1.6
> source packages coexisting (as long as the binary f
W dniu 27.10.2011 00:29, Zygmunt Krynicki pisze:
W dniu 24.10.2011 01:20, Ben Finney pisze:
I would very much like that to change – that programmers should expect a
single instance of a Javascript library to be useable across the OS, and
that a Javascript library without a dependable ABI should
W dniu 27.10.2011 00:46, Michael Gilbert pisze:
On Wed, Oct 26, 2011 at 6:29 PM, Zygmunt Krynicki wrote:
If anything, having one version of a javascript library *hurts*
Debian-as-a-platform. I would encourage a different approach altogether:
explicit mutli-versioning (ideally for all upstream re
On Wed, Oct 26, 2011 at 6:29 PM, Zygmunt Krynicki wrote:
> If anything, having one version of a javascript library *hurts*
> Debian-as-a-platform. I would encourage a different approach altogether:
> explicit mutli-versioning (ideally for all upstream releases or for all
> upstream releases that ar
W dniu 24.10.2011 01:20, Ben Finney pisze:
I would very much like that to change – that programmers should expect a
single instance of a Javascript library to be useable across the OS, and
that a Javascript library without a dependable ABI should be shunned by
most application writers, and for ap
W dniu 24.10.2011 01:20, Ben Finney pisze:
I would very much like that to change – that programmers should expect a
single instance of a Javascript library to be useable across the OS, and
that a Javascript library without a dependable ABI should be shunned by
most application writers, and for ap
Hi,
On Wed, 26 Oct 2011, Jakub Wilk wrote:
> * Raphael Hertzog , 2011-10-26, 16:31:
> >For instance I just noticed that we can't install new widgets with
> >the current wordpress package due to some javascript related
> >problem. I'm not familiar enough with the codebase to investigate
> >it easil
* Raphael Hertzog , 2011-10-26, 16:31:
Also hopefully maintainers are using the packages they maintain and
will therefore notice when they are broken by newer JavaScript
libraries.
I do but I'm not using all the features all the time and I don't test
them for each upload.
For instance I jus
On Sun, 23 Oct 2011, Paul Wise wrote:
> More automated and manual testing can help here I guess.
Sure, but I don't expect Debian maintainers to write a test suite
when upstream hasn't created one. And testing an interactive web
application is a rather difficult problem.
> Also hopefully maintaine
Roland Mas writes:
> I don't do much library packaging myself, but it was my understanding
> that versions of libraries that break API/ABI are meant to go in
> different binary packages, usually with a version number in the package
> name. Javascript doesn't have an ABI, but libraries written
On Sun, Oct 23, 2011 at 5:29 PM, Paul Wise wrote:
> On Sun, Oct 23, 2011 at 11:13 PM, Raphael Hertzog wrote:
>
> > And with javascript libraries, there's no failure at build time,
> > you only discover much later when something is not working...
>
> This is the crux of the issue and it is not spe
On Sun, 23 Oct 2011, Paul Wise wrote:
> > And with javascript libraries, there's no failure at build time,
> > you only discover much later when something is not working...
> This is the crux of the issue and it is not specific to JavaScript
> libraries, anything that is interpreted has this issue
On Sun, Oct 23, 2011 at 11:13 PM, Raphael Hertzog wrote:
> And with javascript libraries, there's no failure at build time,
> you only discover much later when something is not working...
This is the crux of the issue and it is not specific to JavaScript
libraries, anything that is interpreted ha
Raphael Hertzog, 2011-10-23 17:13:17 +0200 :
[...]
> Unfortunately, blindly replacing the file with a symlink can
> create problems of its own. Upstream tested their application
> with the version of the library that they ship. Using another
> version might break things horribly, an example here:
Hello,
I would like to discuss our handling of embedded javascript libraries.
In theory, like any other embedded library, they are to be avoided and
we have a lintian warning catching many of the common cases:
http://lintian.debian.org/tags/embedded-javascript-library.html
Unfortunately, blindly
25 matches
Mail list logo