Re: How to handle embedded javascript/php libraries in WebApps

[Russ Allbery <rra@debian.org>]

Vasudev Kamath <kamathvasudev@gmail.com> writes:

> Friendica modifies the php library it is depending on heavily so it
> ships the embedded php library source along with it. Also it uses
> tinymce which is also highly modified version so If I symlink debian's
> version of tinymce it will render friendica useless. Same goes for
> embedded PHP libraries. But lintian barks at me saying I'm voilating
> policy by shipping these libraries along with friendica package.

> So I require some suggestion on how I can handle this situation.

It's unfortunately fairly common to have to override the Lintian warnings
about this, because using heavily modified versions of these libraries in
webapps seems rather common.  It would be nice if upstreams would try
harder to stick with the standard versions so that they can get the
benefit of bug fixes and security fixes, but there are usually serious API
stability problems with a lot of those libraries, combined with a
Java-style mindset of shipping known-good versions of everything rather
than looser coupling.

(From time to time, it feels like C is the only widely-used programming
language that's ever gotten ABI stability and loose coupling right; even
Java, which provides a lot of tools to try to get it right, doesn't offer
a good ABI versioning system, so if you do have to change the ABI, there
isn't a good way of handling the transition.)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>