[Python-apps-team] Bug#724287: rt4-extension-jsgantt, trac-jsgantt: embeds jsgantt - should depend on libjs-jsgantt separately packaged
Jonas Smedegaard
dr at jones.dk
Tue Oct 8 13:15:14 UTC 2013
Quoting Satoru KURASHIKI (2013-10-08 14:34:49)
> On Mon, Sep 23, 2013 at 8:56 PM, Jonas Smedegaard <dr at jones.dk> wrote:
>> Packages rt4-extension-jsgantt and trac-jsgantt embed the Javascript
>> library jsgantt.
>>
>> That Javascript library should instead be packaged separately and
>> depended upon. Package name should be libjs-jsgantt according to
>> <https://wiki.debian.org/Javascript/Policy>.
>>
>> This issue potentially affects security: See Debian Policy 3.9.4 §
>> 4.13.
>
> Unfortunately, rt-extension-jsgantt includes modified version of
> jsgantt to work with rt, so it couldn't depend on libjs-jsgantt
Ah, right - here are the diffs:
https://github.com/bestpractical/rt-extension-jsgantt/tree/master/etc
The libjs-jsgantt package could include wiht its source the above diffs
and apply them at build time, to also offer in the binary package the
patched variant usable for RT.
I believe that is much better than status quo.
> if it exists.
Package libjs-jsgantt does not yet exist. Just now I filed bug#725794,
and intend to do the packaging unless (preferred) someone else in the
Javascript team picks it up.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: signature
URL: <http://lists.alioth.debian.org/pipermail/python-apps-team/attachments/20131008/243e212e/attachment.sig>
More information about the Python-apps-team
mailing list