Quoting "Remy Blank" <remy.bl...@pobox.com>: > - Maybe I'm a bit naive, but what security issues could be in a > JavaScript library? Security is provided by the browser, not the > libraries, isn't it?
In the case of JavaScript, the code runs in the browser, so maybe it could influence client-side security. But in any case, there can be errors in jQuery that need fixes, and there is no need to replace Trac plus other servers, if you can just update jQuery. > - Trac expects to find jquery.js in trac/htdocs/js. So in the Debian > packaging, you replace the file provided with Trac with a symlink to the > separately-packaged jquery.js? Yes. > - Do you keep several versions of jQuery installed at the same time on > a system, and for every package you link to the required version? There is only one jQuery package in Debian. I hope, that no need arises to keep multiple versions around. Debian could cope with that (we have a lot of libraries etc. in multiple versions), but currently this is not supported for the jQuery package. > Packaging jQuery with Trac (besides simplifying dependencies) ensures > that we can make changes to the Trac code required by a jQuery update in > sync with the update. This is also my fear: If jQuery is packaged with Trac, Trac will maybe depend on a specific version of jQuery and it might be harder for Debian and other distributions to make it work with the version that is supported by the distribution. For jQuery this is risk is probably very low, but it exists. > I also notice that Gentoo doesn't have a jQuery package (just a data > point, certainly not an authoritative argument). I have a friend at Gentoo, I will immediately tell him, how much better Debian and Ubuntu are, because we have this package :~) > This would probably be different for jQuery UI, though. I assume it > includes images for the UI controls, so the "single file" argument > drops. Does Debian package jQuery UI? How does it link it into the > packages that need it? Currently we have in Debian: libjs-jquery: 1.3.3 libjs-jquery-ui: 1.7.2 libjs-flot: 0.5 Any package that needs a JavaScript Library just symlinks to file it needs. E.g. libjs-jquery provides (among others) the file /usr/share/javascript/jquery/jquery.js The Trac package has a symlink /usr/share/pyshared/trac/htdocs/js/jquery.js to the above file. For Windows-Users it might better to have a kind of Trac meta-package, which contains not only Trac and jQuery, but also other important dependencies, i.e. Python libraries. Whenever I have to work with Windows, I feel relieved, when there is an installer with all I need. Cheers -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to trac-us...@googlegroups.com. To unsubscribe from this group, send email to trac-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.
