Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

Adam Williamson awilliam at redhat.com
Wed Aug 31 17:49:09 UTC 2011

On Wed, 2011-08-31 at 19:35 +0200, Matej Cepl wrote:
> Dne 31.8.2011 19:31, Stephen John Smoogen napsal(a):
> > they all came from the same version of upstream jquery. And delivering
> > just one large jquery that can be used is not going to fit what either
> > upstreams, web developers OR their users want or need.
> I still haven't got the reason why jQuery cannot be “compiled” from the 
> source as any other source code? Why do you still talk about large 
> monstrosities? Nobody requires that.

often web apps only use one or two functions ripped out of a much larger
'library' - all of those packages which have bits of jquery in them are
unlikely to have *all* of jquery in them, and they probably don't have
the same little chunks.

I think this applies less to prototypejs, though: it's a single file,
and when I checked quickly, all the packages I looked at seemed to have
more or less the same version of it. I can do a more careful evaluation
if I get a bit of time, though, and see how much variance there really
is in the prototype.js files in all those packages.

jquery, at least, claims a very strong security history, with only one
fairly minor vulnerability. prototype.js has had at least one
significant vuln, as that bug link I put in my original mail shows.
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora

More information about the devel mailing list