[Pkg-monitoring-maintainers] Bug#736104: [Ganglia-developers] ganglia-web package at risk

Mon Mar 3 20:08:08 UTC 2014

That would be fine with me if that is what it takes. Include the full 
blown Jquery UI.

Thanks,

Vladimir

On 03/03/2014 01:25 PM, Daniel Pocock wrote:
>
> On 04/02/14 14:56, Daniel Pocock wrote:
>> On 04/02/14 14:47, Chris Burroughs wrote:
>>> I thought the distro anti-bundling stance was paired with a "we
>>> already have X so you should just depend on it".  I'm not sure how
>>> this works with javascript.   Is there some debian "jquery package"
>>> that could be depended on?
>> There is a jQuery package in Debian, but it is a slightly older version
>>
>> There are various issues that motivate these rules/policies in
>> distributions:
>>
>> - disk space
>>
>> - security updates (better to just have one copy of X to update in one
>> shot, hard to find multiple bundled copies of X and check they all have
>> the latest/necessary security patches)
>>
>> - source - bundling any minified artifact is not consider to be real
>> source code
>>
>> That said, given that every project seems to depend on a different
>> version of jQuery, there is some leniency - Debian accepts bundled
>> copies of some things like jQuery as long as they are not minified.  It
>> is perfectly OK to minify them in an installation script, but the source
>> tarball from the Ganglia web site must be 100% readable source code.
>>
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736104
>
> I had a quick look at this and found that the jquery-ui stuff is not
> cleanly available as source because of the way it is built as a custom
> JavaScript file using the tool here:
>
>     https://jqueryui.com/download
>
> so it is not a quick fix for me to simply drop in uncompressed JavaScript.
>
> What can be done is that instead of using the "custom" method to get
> jquery-ui, perhaps the full source from here:
>      https://jqueryui.com/resources/download/jquery-ui-1.10.4.zip
> can be downloaded into the ganglia-web repository (including both the
> minified and the human readable version) and then the full minified .js
> file (rather than a custom.min.js file) can be used within ganglia-web
>
> Are the ganglia-web developers happy to support that version of
> jquery-ui?  Is there any reason the custom version has to be used?
>
> The package has now taken the first step towards being completely
> dropped from Debian and Ubuntu:
> http://packages.qa.debian.org/g/ganglia-web.html
>
> so it is important that we agree on a solution for 3.5.13 or it will be
> completely missing from the upcoming Ubuntu "trusty" release and the
> Debian 8 release early next year.
>
> Regards,
>
> Daniel
>
>
> ------------------------------------------------------------------------------
> Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
> With Perforce, you get hassle-free workflows. Merge that actually works.
> Faster operations. Version large binaries.  Built-in WAN optimization and the
> freedom to use Git, Perforce or both. Make the move to Perforce.
> http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
> _______________________________________________
> Ganglia-developers mailing list
> Ganglia-developers at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ganglia-developers