Re: jQuery dependency for Trac 0.11 should be < 1.3
On Sat, Dec 26, 2009 at 6:01 PM, W. Martin Borgert <debacle@debian.org> wrote:
>
>> I don't feel like I
>> want to check if they are compatible next time I'd like to use one.
>> 15kBytes doesn't worth wasted hours.
>
> The issue is not 15 kB, but the problems Debian would have if an
> error must be fixed in jQuery (e.g. a security problem). Currently,
> around 58 packages depend on jQuery. In theory, each of them must
> have their own copy.
1. Trac is not a package - it's an application. If there will be a
problem in one of the files that shipped with Trac sources - it is a
Trac bug. If in case of globally installed packages dependency
analysis is a good (must) thing, then for standalone application
autopsies contribute nothing to the quality of Debian releases. I
would say quite contrary. In Python world there is a very nice thing
called Virtualenv that was invented for Python Applications because
global packages create stability mess.
2. Thing to consider. When you create Environment and "deploy" it with
trac-admin (to generate fastcgi/mod_wsgi scripts) - copies of static
resources for web-server, including JavaScript won't be updated when
you fix your security package. Right now nobody handles this, but only
trac-admin "upgrade" could potentially heal it given it will be able
to detect old and new jQuery version in user Environment.
> Trac does not even depend on jQuery, but only
> recommends it, because Trac itself does not need jQuery.
Martin, you are wrong.
http://trac.edgewall.org/wiki/TracDev/ApiChanges/0.11#NewDependencies
http://trac.edgewall.org/wiki/TracDev/JavaScript#jQuery
>> The best solution would be to remove "15_remove_jquery_file.dpatch",
>
> If it is really important to have jQuery 1.2 around, the best way
> would be to ask for a libjs-jquery-1.2 package and let Trac
> recommend this package instead of libjs-jquery.
Does that mean people won't be able to install Trac 0.12 on Lenny?
Consider that when people jump from Trac 0.10 to 0.11 they usually
create two instances of Trac before switch and new one usually should
be run on the same server. That was true for trac-hacks.org (there
virtualenv was used) and that is true with me too, except that I am
constrained to use Debian packages and therefore used two Debian
servers. Admins would really appreciate an ability to have two Trac
major versions on the same server.
> Anatoly, please file an ITP or RFP bug against the WNPP[1]
> pseudo-package about libjs-jquery-1.2, OK? Set the maintainer of
> libjs-jquery in Cc, maybe they will package 1.2 as well. I will
> change the dependencies in Trac etc. as soon as the package is in.
I fixed it with "aptitude install libjs-jquery=1.2.6" and it works for
me. It may be useful for jQuery itself, but for Trac I still do not
think it is appropriate to mess with Trac innards if Trac team don't
list something as installation prerequisites. In any case the final
decision is from maintainers.
P.S. There is another reason why I won't fill ITP against
libjs-jquery. Sorry for the ignorance, but I still didn't read Debian
Bible and ITP, RFP, WNPP and the whole bug-entering process is too way
complicated to squeeze into my head at once. It is that it is not as
intuitive as web form or something - just have to do some things with
Trac and a lot of new stuff to read.
Anyways. Thanks for support.
--
anatoly t.
Reply to: