> -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of W. Martin Borgert > Sent: Wednesday, December 23, 2009 3:04 PM > To: [email protected]; Remy Blank > Subject: Re: [Trac] About including jQuery UI in Trac ... > > Quoting "Remy Blank" <[email protected]>: > > - Maybe I'm a bit naive, but what security issues could be in a > > JavaScript library? Security is provided by the browser, not the > > libraries, isn't it? > > In the case of JavaScript, the code runs in the browser, so maybe > it could influence client-side security. But in any case, there > can be errors in jQuery that need fixes, and there is no need to > replace Trac plus other servers, if you can just update jQuery. > > > - Trac expects to find jquery.js in trac/htdocs/js. So in the Debian > > packaging, you replace the file provided with Trac with a symlink to > the > > separately-packaged jquery.js? > > Yes. > > > - Do you keep several versions of jQuery installed at the same time > on > > a system, and for every package you link to the required version? > > There is only one jQuery package in Debian. I hope, that no need > arises to keep multiple versions around. Debian could cope with > that (we have a lot of libraries etc. in multiple versions), but > currently this is not supported for the jQuery package. > > > Packaging jQuery with Trac (besides simplifying dependencies) ensures > > that we can make changes to the Trac code required by a jQuery update > in > > sync with the update. > > This is also my fear: If jQuery is packaged with Trac, Trac will > maybe depend on a specific version of jQuery and it might be > harder for Debian and other distributions to make it work with > the version that is supported by the distribution. For jQuery > this is risk is probably very low, but it exists. > > > I also notice that Gentoo doesn't have a jQuery package (just a data > > point, certainly not an authoritative argument). > > I have a friend at Gentoo, I will immediately tell him, how much > better Debian and Ubuntu are, because we have this package :~) > > > This would probably be different for jQuery UI, though. I assume it > > includes images for the UI controls, so the "single file" argument > > drops. Does Debian package jQuery UI? How does it link it into the > > packages that need it? > > Currently we have in Debian: > > libjs-jquery: 1.3.3 > libjs-jquery-ui: 1.7.2 > libjs-flot: 0.5 > > Any package that needs a JavaScript Library just symlinks to file > it needs. E.g. libjs-jquery provides (among others) the file > /usr/share/javascript/jquery/jquery.js > The Trac package has a symlink > /usr/share/pyshared/trac/htdocs/js/jquery.js > to the above file. > > For Windows-Users it might better to have a kind of Trac meta-package, > which contains not only Trac and jQuery, but also other important > dependencies, i.e. Python libraries. Whenever I have to work with > Windows, I feel relieved, when there is an installer with all I need.
Just remember the alternative is that every plugin has its own copy. However much work it might be to retrofit Trac to use a central version, it will be much harder to do this for every plugin that wants to use jQuery UI. --Noah -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/trac-users?hl=en.
