Gentoo Archives: gentoo-web-user

From: Stuart Herbert <Stuart.Herbert@×××××.com>
To: gentoo-web-user@l.g.o
Subject: RE: [gentoo-web-user] Java Script Libraries
Date: Thu, 23 Feb 2006 10:54:59
Message-Id: ADCB49082E30F44986E6FAC26F581BDF221A0C@baley.hq.boxuk.net
> While I agree that it is certainly easier to keep the packages as > UPSTREAM bundles them, I'm not convinced that this is always a good > idea. If the effort is small, I'd rather patch the package to use the > standard libraries and send the patch upstream. Not only because it's > simply bad programming style but also because it's easier to handle > security this way.
Best of luck with that ... but don't be surprised if UPSTREAM do not adopt these patches. It's not always bad programming style - it's often the only pragmatic thing to do. UPSTREAM bundle libraries because bitter experience (with poor ISP and shared hosting solutions) has taught the PHP community that if you need a third-party library and you don't bundle it, chances are that the third-party library won't be available. (The PHP and PEAR community also have to accept a lot of the blame for this state of affairs, by failing to provide an equivalent to CPAN from day one). Best regards, Stu -- gentoo-web-user@g.o mailing list

Replies

Subject Author
Re: [gentoo-web-user] Java Script Libraries Gunnar Wrobel <wrobel@g.o>