[Pkg-roundcube-maintainers] Bug#785333: Bug#785333: broken contextmenu due to jquery
csmall at debian.org
Fri Jun 5 12:10:53 UTC 2015
I'm the Debian maintainer for wordpress. It seems that there might be
similar problems with roundcube and wordpress and jquery.
The short answer is that if you are not too careful mixing jquery and
other js modules together in a random way will mean stuff breaks.
compatibility such as C libraries (and there were years of pain to get
there) and changing versions around will break stuff.
My take for wordpress is for things that there are the right versions
right versions and I'll keep with the ones that ship with wordpress.
There is this idealistic view that using the Debian packages (e.g. the
Debian jquery package) instead of embedding means its easier to fix
security bugs. It would mean a jquery bug would need to be fixed once
and all dependent packages would be "automatically" fixed.
As an idea, its great and for php includes I try to do this. In reality
quite often with programs that are broken.
Oh, and by the way, both roundcube and wordpress ship with newer versions
of jquery not older. jquery in Debian is positively ancient, it was
released in 2012.
libjs-jquery: 1.7.2 2012
wordpress: 1.11.1 May 2014
roundcube: 2.1.3 Dec 2014
Someone tell me why its a good idea to run such an ancient jquery?
"because rules" isn't a good enough reason.
Before people embarked on this useless crusade, did anyone realise
that there are two jquery streams and wedging a jquery-2.x app into an
ancient jquery-1.x would end in tears?
The no embedding rule is not an absolute rule. There is no rule that
says "You must embed even if it means you must have a broken package as
a result". This absolutism is unhelpful in wordpress and unhelpful in
The must ship non-minified sources is a tad annoying but for me I
generally do this. They have to be there but generally I don't build
off them. If the bug is bad enough I'd probably directly edit the
minified file anyhow.
My suggestion is to revert back to what roundcube ships but find the
non-minified sources to put in the source package; they must be
My personal opinion is that this whole jquery embedded discussion is a
complete abuse of 4.13 of the Debian policy and a total waste of time.
Get jquery package up to date and maintained (I know there are
difficulties) first before worrying about embedded jqueries.
Craig Small (@smallsees) http://enc.com.au/ csmall at : enc.com.au
Debian GNU/Linux http://www.debian.org/ csmall at : debian.org
GPG fingerprint: 5D2F B320 B825 D939 04D2 0519 3938 F96B DF50 FEA5
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 819 bytes
Desc: Digital signature
More information about the Pkg-roundcube-maintainers