[Guidelines Change] Changes to the Packaging Guidelines

Toshio Kuratomi a.badger at gmail.com
Mon Dec 13 16:13:49 UTC 2010 

On Sun, Dec 12, 2010 at 02:59:18AM +0300, Pavel Alexeev (aka Pahan-Hubbitus) wrote:
> 09.12.2010 17:46, Tom Callaway wrote:
> 
>     Here are the latest set of changes to the Fedora Packaging Guidelines:
> 
>     ---
>     ---
>     Some clarification has been added to the sections dealing with bundled
>     libraries, specifically that:
> 
>     In this RPM packaging context, the definition of the term 'library'
>     includes: compiled third party source code resulting in shared or static
>     linkable files, interpreted third party source code such as Python, PHP
>     and others. At this time JavaScript intended to be served to a web
>     browser is specifically exempted from this but this will likely change
>     in the future.
> 
>     https://fedoraproject.org/wiki/Packaging:Guidelines#Duplication_of_system_libraries
> 
> 
> JavaScript libraries may be bundled in any way? No additional guidelines for
> that?? Why?
> 
ATM they are not because not everyone is convinced that JavaScript has
security issues (Some people see JavaScript as data served by a web server
rather than code).   The code is executed on the client rather than the
server so the security concerns are different but the JavaScript Packaging
draft lays out the case for JavaScript libraries having similar concerns
despite that::
  https://fedoraproject.org/wiki/JavaScript_libraries_packaging_guideline_draft

Additionally, there is a lot of work involved in unbundling JavaScript
because I anticipate zero upstreams currently having build scripts that
anticipate being able to use unbundled JavaScript. So when we mandate this,
we want to be ready with working recipes for how to unbundle.

We would be very happy to have someone work on the JavaScript Guidelines and
try to get them into shape for the FPC to cote on them.  I've invited many
people to work on that but no one has taken me up on that so far.

Also note, the new wording in duplication of System Libraries makes clear
that JavaScript that is being used on the local system is not allowed to be
bundled (For instance, server-side JavaScript and bindings to libraries)
whereas previous versions left that ambiguous.

-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20101213/ec3b6029/attachment-0001.bin

More information about the devel mailing list