On Sat, Dec 26, 2009 at 6:01 PM, W. Martin Borgert <deba...@debian.org> wrote: > >> I don't feel like I >> want to check if they are compatible next time I'd like to use one. >> 15kBytes doesn't worth wasted hours. > > The issue is not 15 kB, but the problems Debian would have if an > error must be fixed in jQuery (e.g. a security problem). Currently, > around 58 packages depend on jQuery. In theory, each of them must > have their own copy.
1. Trac is not a package - it's an application. If there will be a problem in one of the files that shipped with Trac sources - it is a Trac bug. If in case of globally installed packages dependency analysis is a good (must) thing, then for standalone application autopsies contribute nothing to the quality of Debian releases. I would say quite contrary. In Python world there is a very nice thing called Virtualenv that was invented for Python Applications because global packages create stability mess. 2. Thing to consider. When you create Environment and "deploy" it with trac-admin (to generate fastcgi/mod_wsgi scripts) - copies of static resources for web-server, including JavaScript won't be updated when you fix your security package. Right now nobody handles this, but only trac-admin "upgrade" could potentially heal it given it will be able to detect old and new jQuery version in user Environment. > Trac does not even depend on jQuery, but only > recommends it, because Trac itself does not need jQuery. Martin, you are wrong. http://trac.edgewall.org/wiki/TracDev/ApiChanges/0.11#NewDependencies http://trac.edgewall.org/wiki/TracDev/JavaScript#jQuery >> The best solution would be to remove "15_remove_jquery_file.dpatch", > > If it is really important to have jQuery 1.2 around, the best way > would be to ask for a libjs-jquery-1.2 package and let Trac > recommend this package instead of libjs-jquery. Does that mean people won't be able to install Trac 0.12 on Lenny? Consider that when people jump from Trac 0.10 to 0.11 they usually create two instances of Trac before switch and new one usually should be run on the same server. That was true for trac-hacks.org (there virtualenv was used) and that is true with me too, except that I am constrained to use Debian packages and therefore used two Debian servers. Admins would really appreciate an ability to have two Trac major versions on the same server. > Anatoly, please file an ITP or RFP bug against the WNPP[1] > pseudo-package about libjs-jquery-1.2, OK? Set the maintainer of > libjs-jquery in Cc, maybe they will package 1.2 as well. I will > change the dependencies in Trac etc. as soon as the package is in. I fixed it with "aptitude install libjs-jquery=1.2.6" and it works for me. It may be useful for jQuery itself, but for Trac I still do not think it is appropriate to mess with Trac innards if Trac team don't list something as installation prerequisites. In any case the final decision is from maintainers. P.S. There is another reason why I won't fill ITP against libjs-jquery. Sorry for the ignorance, but I still didn't read Debian Bible and ITP, RFP, WNPP and the whole bug-entering process is too way complicated to squeeze into my head at once. It is that it is not as intuitive as web form or something - just have to do some things with Trac and a lot of new stuff to read. Anyways. Thanks for support. -- anatoly t. -- To UNSUBSCRIBE, email to debian-python-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
