From: Gunnar Wrobel <wrobel@gentoo.org>
To: gentoo-web-user@lists.gentoo.org
Subject: Re: [gentoo-web-user] Java Script Libraries
Date: Thu, 23 Feb 2006 11:28:54 +0100 [thread overview]
Message-ID: <8764n6z7vd.fsf@monastery.lucy.homelinux.net> (raw)
In-Reply-To: <ADCB49082E30F44986E6FAC26F581BDF2219ED@baley.hq.boxuk.net> (Stuart Herbert's message of "Thu, 23 Feb 2006 09:49:26 -0000")
[-- Attachment #1: Type: text/plain, Size: 1908 bytes --]
"Stuart Herbert" <Stuart.Herbert@boxuk.com> writes:
> Mmm ... what are you trying to achieve here?
>
> a) /usr/share/js isn't served by any of our standard webserver installs;
> files you place in here aren't downloadable
Yes, sorry :) I already realized that it was a bad idea.
> b) web-based apps will expect the javascript libraries to sit in a
> specific location under the htdocs directory
> c) different web-based apps will ship different versions of javascript
> libraries
> d) sooner or later, web-based apps will ship javascript libraries with
> their own modifications. we already get that behaviour with apps that
> ship bundled PEAR packages.
Yes, these libraries are more like the webapps themselves. Simply does
not fit into our current concept. At least I don't see an easy
solution, so I'll just leave it for now.
> e) The Gentoo philosophy is to remain as close to upstream as possible.
> Because we're a meta-distribution, and not a traditional distribution
> like Red Hat, the only time we try and change what UPSTREAM does is when
> we absolutely have to.
While I agree that it is certainly easier to keep the packages as
UPSTREAM bundles them, I'm not convinced that this is always a good
idea. If the effort is small, I'd rather patch the package to use the
standard libraries and send the patch upstream. Not only because it's
simply bad programming style but also because it's easier to handle
security this way. The package I'm looking at right now includes an
old phpmailer library with a known DOS vulnerability. I'd rather have
one place to fix a library then checking for packages that bundle the
library.
Regards,
Gunnar
--
Gunnar Wrobel Gentoo Developer
__________________C_o_n_t_a_c_t__________________
Mail: wrobel@gentoo.org
WWW: http://www.gunnarwrobel.de
IRC: #gentoo-web at freenode.org
_________________________________________________
[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]
next prev parent reply other threads:[~2006-02-23 10:30 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-02-23 9:49 [gentoo-web-user] Java Script Libraries Stuart Herbert
2006-02-23 10:28 ` Gunnar Wrobel [this message]
-- strict thread matches above, loose matches on Subject: below --
2006-02-23 17:06 Stuart Herbert
2006-02-23 17:21 ` Adam Sroka
2006-02-23 14:41 Stuart Herbert
2006-02-23 14:53 ` Renat Lumpau
2006-02-23 16:40 ` Adam Sroka
2006-02-23 13:21 Stuart Herbert
2006-02-23 14:24 ` Gunnar Wrobel
2006-02-23 11:35 Stuart Herbert
2006-02-23 12:22 ` Gunnar Wrobel
2006-02-23 10:53 Stuart Herbert
2006-02-23 11:01 ` Gunnar Wrobel
2006-02-22 23:28 Gunnar Wrobel
2006-02-23 2:54 ` Renat Lumpau
2006-02-23 6:44 ` Gunnar Wrobel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8764n6z7vd.fsf@monastery.lucy.homelinux.net \
--to=wrobel@gentoo.org \
--cc=gentoo-web-user@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox