[Pkg-roundcube-maintainers] Bug#785333: Bug#785333: broken contextmenu due to jquery

Craig Small csmall at debian.org
Fri Jun 5 12:10:53 UTC 2015


Hi,
  I'm the Debian maintainer for wordpress.  It seems that there might be
similar problems with roundcube and wordpress and jquery.

The short answer is that if you are not too careful mixing jquery and
other js modules together in a random way will mean stuff breaks.
Javascript isn't as advanced with things such as cross-package
compatibility such as C libraries (and there were years of pain to get
there) and changing versions around will break stuff.

My take for wordpress is for things that there are the right versions
I'll use them, but for a lot of javascript modules they are not the
right versions and I'll keep with the ones that ship with wordpress.

There is this idealistic view that using the Debian packages (e.g. the
Debian jquery package) instead of embedding means its easier to fix
security bugs. It would mean a jquery bug would need to be fixed once
and all dependent packages would be "automatically" fixed.

As an idea, its great and for php includes I try to do this. In reality
for javascript modules especially it plain does not work. You end up
quite often with programs that are broken.

Oh, and by the way, both roundcube and wordpress ship with newer versions
of jquery not older. jquery in Debian is positively ancient, it was
released in 2012.

libjs-jquery: 1.7.2 2012
wordpress: 1.11.1 May 2014
roundcube: 2.1.3 Dec 2014

Someone tell me why its a good idea to run such an ancient jquery?
"because rules" isn't a good enough reason.
Before people embarked on this useless crusade, did anyone realise
that there are two jquery streams and wedging a jquery-2.x app into an
ancient jquery-1.x would end in tears?

The no embedding rule is not an absolute rule. There is no rule that
says "You must embed even if it means you must have a broken package as
a result". This absolutism is unhelpful in wordpress and unhelpful in
roundcube.

The must ship non-minified sources is a tad annoying but for me I
generally do this.  They have to be there but generally I don't build
off them. If the bug is bad enough I'd probably directly edit the
minified file anyhow.

My suggestion is to revert back to what roundcube ships but find the
non-minified sources to put in the source package; they must be
around somewhere.

My personal opinion is that this whole jquery embedded discussion is a
complete abuse of 4.13 of the Debian policy and a total waste of time.
Get jquery package up to date and maintained (I know there are
difficulties) first before worrying about embedded jqueries.

 - Craig
-- 
Craig Small (@smallsees)   http://enc.com.au/       csmall at : enc.com.au
Debian GNU/Linux           http://www.debian.org/   csmall at : debian.org
GPG fingerprint:        5D2F B320 B825 D939 04D2  0519 3938 F96B DF50 FEA5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20150605/fcca1d35/attachment.sig>


More information about the Pkg-roundcube-maintainers mailing list