Gentoo Archives: gentoo-web-user

From: Gunnar Wrobel <wrobel@g.o>
To: gentoo-web-user@l.g.o
Subject: Re: [gentoo-web-user] Java Script Libraries
Date: Thu, 23 Feb 2006 10:30:07
In Reply to: RE: [gentoo-web-user] Java Script Libraries by Stuart Herbert
"Stuart Herbert" <Stuart.Herbert@×××××.com> writes:

> Mmm ... what are you trying to achieve here? > > a) /usr/share/js isn't served by any of our standard webserver installs; > files you place in here aren't downloadable
Yes, sorry :) I already realized that it was a bad idea.
> b) web-based apps will expect the javascript libraries to sit in a > specific location under the htdocs directory > c) different web-based apps will ship different versions of javascript > libraries > d) sooner or later, web-based apps will ship javascript libraries with > their own modifications. we already get that behaviour with apps that > ship bundled PEAR packages.
Yes, these libraries are more like the webapps themselves. Simply does not fit into our current concept. At least I don't see an easy solution, so I'll just leave it for now.
> e) The Gentoo philosophy is to remain as close to upstream as possible. > Because we're a meta-distribution, and not a traditional distribution > like Red Hat, the only time we try and change what UPSTREAM does is when > we absolutely have to.
While I agree that it is certainly easier to keep the packages as UPSTREAM bundles them, I'm not convinced that this is always a good idea. If the effort is small, I'd rather patch the package to use the standard libraries and send the patch upstream. Not only because it's simply bad programming style but also because it's easier to handle security this way. The package I'm looking at right now includes an old phpmailer library with a known DOS vulnerability. I'd rather have one place to fix a library then checking for packages that bundle the library. Regards, Gunnar -- Gunnar Wrobel Gentoo Developer __________________C_o_n_t_a_c_t__________________ Mail: wrobel@g.o WWW: IRC: #gentoo-web at _________________________________________________