[Fedora-packaging] jquery bundling for new packages
T.C. Hollingsworth
tchollingsworth at gmail.com
Mon Sep 23 14:26:27 UTC 2013
On Sun, Sep 22, 2013 at 10:57 PM, Dridi Boukelmoune
<dridi.boukelmoune at gmail.com> wrote:
> Hi,
>
> My 2 cents,
>
> JQuery is a library that "often" breaks compatibility (compared to
> what I'm used to). Having one version of each branch sounds a bit
> restrictive.
It's not as bad as it used to be when jQuery was younger. It's moving along
much more stably nowadays, and I'm sure upstream will provide migration
strategies like jquery-migrate when/if it becomes necessary in the future.
Again, parallel-installable compat versions are an option where absolutely
necessary, but they're rightfully strongly discouraged.
> This is javascript. The language is too dynamic and permissive for me
> to feel comfortable with an automated migration. What if the project
> uses some eval magic ? Does it work with both dotted and bracketed
> notations ..?
It's not an automated migration, python 2to3-style, if that's what you were
thinking. It uses the standard jQuery plugin interface to add back the various
interfaces that were removed, and works everywhere jQuery itself works. This
is JavaScript, you can do a lot of crazy stuff with prototypes. ;-)
But, keep in mind that also means that it'll happily add back dangerous features
that were removed for good reason, like stuff that makes XSS as easy as PHP used
to make SQL injection. :-P This is why it's a crutch and porting is strongly
recommended where possible.
Also, I forgot to mention: you can also add jquery-migrate to any page using
jquery < 1.9 and it'll emit warnings to help you port your code.
> While I agree with you, I also understand people who don't want to
> migrate "just because" when the application is stable. Especially with
> a library like jQuery that tends to rapidly deprecate and remove
> stuff.
This boils down to the whole reason we ban bundled libraries in the first place:
https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Old_Code
Limping along with old code because "it just works" even though it's
unmaintained has never been acceptable in Fedora. I see no compelling reason
why JS should be any different and lots of good reasons why it should.
To pick on PHP again, there's an example of something that rapidly iterated in
response to security/design flaws in often backwards-incompatible ways. Nobody
would have ever dreamed about keeping an old version of PHP around just because
some application relied on bad ideas like register_globals.
-T.C.
More information about the packaging
mailing list