[Bug 457343] Review Request: jquery - Fast, concise library that simplifies how you use javascript

Fri Aug 19 17:22:56 UTC 2011

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

https://bugzilla.redhat.com/show_bug.cgi?id=457343

François Kooman <fkooman at tuxed.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Depends on|                            |634911

--- Comment #10 from François Kooman <fkooman at tuxed.net> 2011-08-19 13:22:54 EDT ---
> Like I say, I'm not using jquery now so I don't know the extent of the sizzle
> problem.  Does jquery actually require sizzle?  Is it something that gets
> included into jquery when jquery is "built"?  Need more information here....

Yeah, it gets included during "build". It can be extracted (i.e.: not included
during building with some Makefile modifications), but I guess you need to then
include "js/sizzle.js" before including "js/jquery.js" in your application.
Would that be an acceptable requirement for packagers?

> What "static linking" adds is the ability to track what libraries (and
> depending on the actual deps that we use, also their versions) are being used
> by an application.  That way if foo was using jquery-1.0 and jquery-1.1 is
> released that fixes an issue (security, major bugfix, change to a more
> permissive license, etc) found in jquery-1.0 we'd know what software was using
> the old jquery and be able to rebuild them with the new version.

Above you suggested to copy the jquery.js in the package itself. Would
requiring a specific version of jquery (the one currently available in the
distro you are packaging for) already be enough? So in the spec you can say:

   Requires: jquery = 1.6.2

That will take care of screaming when the jquery package gets updated and force
the application packager to take action... Annoying if there is a new version
every month...

> It would probably be good to have both minified and "source" versions
> installed.  GPL compliance would make this a requirement for some libraries...
> (possibly if it was the app was GPL although I'm very unclear on this.)

Yep, that was the intention anyway...

> Yeah -- I think we should have multiple packages.  whether that's one for the
> current version and one for all older versions or one for each older version
> I'm not sure.  And how to set those up internally I'm not sure.

That is a big issue, not sure a correct answer exists. I saw Debian ships quite
a few js libs, including jquery named libjs-jquery. It seems they just have one
version and keep that for the life of the distro... That would also be an
option, only upgrade the package in rawhide and never upgrade the released
distro after it is released. I'm not sure in the case of jquery there are any
security updates to old versions of jquery anyway...

> Hmm... If jquery is being shipped minified, we'd have to create that minified
> version from the source version no matter what.

It ships both minified and unminified. But I guess if we want to provide the
minified version as well we need to "translate" it ourselves.

> nodejs was under review but Lubomir seems to have disappeared:
> https://bugzilla.redhat.com/show_bug.cgi?id=634911

Added this bug to depend on 634911.

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.