[Pkg-roundcube-maintainers] Bug#785333: Bug#785333: broken contextmenu due to jquery

Sandro Knauß bugs at sandroknauss.de
Sat Jun 6 08:24:41 UTC 2015


Well yes absolutism is not good for sure :) But especially wide used libs like 
jquery should not be embeded everywhere. Embeding stuff that isn't used 
elsewhere is fair enough.

IMO we should work together to get the versions of jquery into debian in a 
propper way, so roundcube and wordpress and all other can consume it. We 
should maybe start a wider discussion how to handle javascript, because 
otherwise the only working solution is, that every webapp has to ship all the 
3rd party javascript. The base problem i see is that webapp tend with their 
bundleing to create a monolitic blob. Where no changes are possible. And on 
the other hand the javascript libs that break the API very rapidly.  I see the 
problems and see at the moment no good solution, but I can't imagine, that 
this is a problem that could not be solved.

> Someone tell me why its a good idea to run such an ancient jquery?

You can also ask, why I use ancient openoffice in debian stable,... Well the 
awnser is the same, if jquery is packaged, i can simply consume it, otherwise 
I have to package it on my own. But yes, use it and have a broken product is 
not the intension at all...



Am Freitag, 5. Juni 2015, 22:10:53 schrieb Craig Small:
> Hi,
>   I'm the Debian maintainer for wordpress.  It seems that there might be
> similar problems with roundcube and wordpress and jquery.
> The short answer is that if you are not too careful mixing jquery and
> other js modules together in a random way will mean stuff breaks.
> Javascript isn't as advanced with things such as cross-package
> compatibility such as C libraries (and there were years of pain to get
> there) and changing versions around will break stuff.
> My take for wordpress is for things that there are the right versions
> I'll use them, but for a lot of javascript modules they are not the
> right versions and I'll keep with the ones that ship with wordpress.
> There is this idealistic view that using the Debian packages (e.g. the
> Debian jquery package) instead of embedding means its easier to fix
> security bugs. It would mean a jquery bug would need to be fixed once
> and all dependent packages would be "automatically" fixed.
> As an idea, its great and for php includes I try to do this. In reality
> for javascript modules especially it plain does not work. You end up
> quite often with programs that are broken.
> Oh, and by the way, both roundcube and wordpress ship with newer versions
> of jquery not older. jquery in Debian is positively ancient, it was
> released in 2012.
> libjs-jquery: 1.7.2 2012
> wordpress: 1.11.1 May 2014
> roundcube: 2.1.3 Dec 2014
> Someone tell me why its a good idea to run such an ancient jquery?
> "because rules" isn't a good enough reason.
> Before people embarked on this useless crusade, did anyone realise
> that there are two jquery streams and wedging a jquery-2.x app into an
> ancient jquery-1.x would end in tears?
> The no embedding rule is not an absolute rule. There is no rule that
> says "You must embed even if it means you must have a broken package as
> a result". This absolutism is unhelpful in wordpress and unhelpful in
> roundcube.
> The must ship non-minified sources is a tad annoying but for me I
> generally do this.  They have to be there but generally I don't build
> off them. If the bug is bad enough I'd probably directly edit the
> minified file anyhow.
> My suggestion is to revert back to what roundcube ships but find the
> non-minified sources to put in the source package; they must be
> around somewhere.
> My personal opinion is that this whole jquery embedded discussion is a
> complete abuse of 4.13 of the Debian policy and a total waste of time.
> Get jquery package up to date and maintained (I know there are
> difficulties) first before worrying about embedded jqueries.
>  - Craig
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-roundcube-maintainers/attachments/20150606/5de0efc2/attachment.sig>

More information about the Pkg-roundcube-maintainers mailing list