Re: Dealing with embedded javascript libraries

To: Michael Gilbert <michael.s.gilbert@gmail.com>
Cc: debian-devel@lists.debian.org
Subject: Re: Dealing with embedded javascript libraries
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Thu, 27 Oct 2011 00:28:52 +0100
Message-id: <[🔎] 20136.38836.832796.412159@chiark.greenend.org.uk>
In-reply-to: <[🔎] CANTw=MOZQNeauKuGZDvf1EOWPCmt9DGLarqWrkWm3_3W-WKw9A@mail.gmail.com>
References: <[🔎] 20111023151317.GA26161@rivendell.home.ouaza.com> <[🔎] 87y5wbvi9s.fsf@mirexpress.internal.placard.fr.eu.org> <[🔎] 87bot7l2hb.fsf@benfinney.id.au> <[🔎] 4EA889CB.4070109@canonical.com> <[🔎] CANTw=MOZQNeauKuGZDvf1EOWPCmt9DGLarqWrkWm3_3W-WKw9A@mail.gmail.com>

Michael Gilbert writes ("Re: Dealing with embedded javascript libraries"):
> There isn't any real technical factor limiting the number of versions
> to one.  Theoretically, there could both jquery1.4 and jquery1.6
> source packages coexisting (as long as the binary files are
> appropriately versioned as well).  Thus if wordpress only works with
> 1.4, then it can use that temporarily until it gets updated to support
> 1.6 (or whatever the problem it was that started this discussion).

The difficulty is that if we end up with ten different versions of
some random javascript library, when it turns out to have a security
vulnerability we need to somehow backport the patch to each of those
ten versions.

And here "we" means the security team, not the people who uploaded the
ten versions in the first place.

So this is rather unpalatable.

Ian.

Reply to:

Follow-Ups:
- Re: Dealing with embedded javascript libraries
  - From: Paul Wise <pabs@debian.org>
- Re: Dealing with embedded javascript libraries
  - From: Pau Garcia i Quiles <pgquiles@elpauer.org>

References:
- Dealing with embedded javascript libraries
  - From: Raphael Hertzog <hertzog@debian.org>
- Re: Dealing with embedded javascript libraries
  - From: Roland Mas <lolando@debian.org>
- Re: Dealing with embedded javascript libraries
  - From: Ben Finney <ben+debian@benfinney.id.au>
- Re: Dealing with embedded javascript libraries
  - From: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
- Re: Dealing with embedded javascript libraries
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Re: Dealing with embedded javascript libraries
Next by Date: Re: Dealing with embedded javascript libraries
Previous by thread: Re: Dealing with embedded javascript libraries
Next by thread: Re: Dealing with embedded javascript libraries
Index(es):
- Date
- Thread