[pkg-php-pear] Bug#781414: Embedded code copies

Gunnar Wolf gwolf at gwolf.org
Thu Apr 2 04:52:54 UTC 2015 

Hi David!

Sorry for the lateness - I'm currently devoid of free time, and my
package maintainance status has suffered :(

> I just noticed that the collabtive package embeds its own copy of (at
> least) HTMLPurifier (as available in the php-htmlpurifier package) and
> phpseclib (as available in the php-seclib package).

Right. Just please help me with this. There are two different
questions I have on those libraries:

- For php-seclib, after a quick diff, the version I currently have in
  Sid (0.3.8-1) seems clearly newer (and quite clearly, consisting
  mainly of bugfixes) than the one I'm shipping with Collabtive. I am
  unfamiliar with this library, so... In your experience, how
  incompatible would you expect a new version to be? Do you think I
  could just drop in the new one and not suffer too much?

- As for php-htmlpurifier, it seems we are lucky as both packages
  carry 4.6.0. However, the one in Collabtive is a standalone file,
  stating in its header:

 * This file was auto-generated by generate-includes.php and includes all of
 * the core files required by HTML Purifier. Use this if performance is a
 * primary concern and you are using an opcode cache. PLEASE DO NOT EDIT THIS
 * FILE, changes will be overwritten the next time the script is run.

So... Do you know what'd be the best way for this file to be replaced
(or generated) from the package we are shipping?

> It looks like most existing PHP classes used as dependencies are
> currently symlinked. You may consider including them from where they
> belong instead.

I prefered symlinking as it requires less patching of the upstream
code. But, of course, if the PHP packaging group's best practices are
to patch, I will do so. Just please confirm!



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20150401/f1a500df/attachment.sig>

More information about the pkg-php-pear mailing list