F23 System Wide Change: jQuery

T.C. Hollingsworth tchollingsworth at gmail.com
Sun Jul 5 22:28:11 UTC 2015


On Mon, Jun 29, 2015 at 4:18 AM, Stef Walter <stefw at redhat.com> wrote:
> I think that as described, this change will cause more harm than good.
> As both an upstream and a packager of Cockpit I am against it in its
> current form.

Please note that this Change has already been implemented as approved
by FESCo for a previous Fedora release.  It has only been submitted
now for final announcement, since it was not complete by the Change
Freeze.

Turning back now would require blocking packages from the distribution
and reverting patches to packages that already depend on js-jquery*.
This cannot be done by FESCo merely rejecting this feature.

> With significant extra work (such as CI) perhaps the change could be
> less harmful, see below.
>
> 1. How will compatibility issues be handled? In the case of Cockpit,
> jQuery forms part of our future plugin API guarantees.
>
> The web application loses control of its dependencies, which normally
> form a intimate part of the app. How much bandwidth do you have to
> handle such bug reports?

If you depend on a particular release of jQuery, you are free to
package it in Fedora.  While I am only committing to maintaining the
latest 1.x and 2.x versions, it does not stop anyone else from
packaging older versions where necessary.  The general packaging
guidelines permit this and the JavaScript packaging guidelines contain
some extra considerations to make this easy.

> 2. Will Fedora have continuous integration running for all applications
> it modifies in this way so it can detect breakage? Or should upstream
> ignore bug reports from Fedora versions where their code has been
> patched, with regards to jQuery?

Fedora Quality Assurance is currently working on a continuous
integration system for the distribution and I assure you that I am
just as eager to use it as the next person.  But yes, right now we
don't even currently have the CI resources to check if the kernel
we're going to ship in rawhide tomorrow even boots!

I'm not sure why this would make upstream ignore bug reports.  Does
Mozilla ignore bug reports for Firefox on Fedora because we unbundle
libraries that they bundle in their upstream build and we don't have
CI?  I don't think so...

> 3. Most modern web applications compress and bundle their resources. For
> example in Cockpit, we:
>
>  * Gzip jQuery and all other javascript resources.

This is a matter for your web application/web server configuration and
is not affected by this change.

>  * Bundle them together with other resources and load them together
>    with other scripts in one HTTP response.

This is still allowed, though the new guidelines require these be
compiled using Fedora-provided sources and not bundled ones.

> You'll find this going on throughout most applications that care about
> load time or module loading.
>
>
> 4. Many web applications load jQuery from CDN (although not Cockpit,
> since it can be used with a non-internet connected server). Do you plan
> to patch these as well? If not, then why are these left out of the scope
> of the change?

This has always been forbidden, long before the new JavaScript guidelines:
"Software which downloads code bundles from the internet in order to
be functional or useful is not acceptable for inclusion in Fedora
(regardless of whether the downloaded code would be acceptable to be
packaged in Fedora as a proper dependency)." [1]

So presumably these are already patched, and this Change just makes
that quite a bit easier.  :-)

-T.C.

[1] http://fedoraproject.org/wiki/Packaging:Guidelines#Packages_which_are_not_useful_without_external_bits


More information about the devel mailing list