FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 08-31-2011, 06:46 AM
Adam Williamson
 
Default Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

On Wed, 2011-08-31 at 07:52 +0200, Remi wrote:
> >From : https://fedoraproject.org/wiki/Packaging:Guidelines#Duplication_of_system_librari es
>
> "At this time JavaScript intended to be served to a web browser is specifically exempted from this but this will likely change in the future."
>
> This explain why so much .js libraries are bundled in so much wedapps.

Ah, thanks. I missed that. Still, it seems bad to be duplicating some
very popular js quite so much:

[root@adam lib]# repoquery -f */prototype.js
rubygem-thin-doc-0:1.2.11-3.fc16.x86_64
rubygem-railties-0:3.0.9-2.fc16.noarch
rt3-0:3.8.10-4.fc16.noarch
rubygem-json_pure-doc-0:1.5.1-1.fc16.noarch
zabbix-web-0:1.8.6-1.fc16.noarch
frepple-0:0.8.1-4.fc16.x86_64
rubygem-scruffy-doc-0:0.2.6-2.fc15.noarch
zikula-0:1.2.3-2.fc15.noarch
rubygem-gettext_rails-doc-0:2.1.0-3.fc14.noarch
rubygem-railties-0:3.0.10-1.fc16.noarch
horde-0:3.3.11-2.fc15.noarch
turba-0:2.3.5-2.fc15.noarch
rubygem-actionpack-1:3.0.10-1.fc16.noarch
WebCalendar-0:1.2.3-4.fc16.noarch
pnp4nagios-0:0.4.14-5.fc15.x86_64
frepple-0:0.8.1-4.fc16.i686
dogtag-pki-tps-theme-0:9.0.6-1.fc16.noarch
mantis-0:1.2.4-2.fc15.noarch
imp-0:4.3.9-2.fc15.noarch
wordpress-0:3.2.1-2.fc16.noarch
mediatomb-0:0.12.1-12.fc16.x86_64
mythweb-0:0.24.1-1.fc15.x86_64
rubygem-shoulda-doc-0:2.11.3-1.fc15.noarch
rubygem-calendar_date_select-0:1.15-4.fc13.noarch
rubygem-locale_rails-doc-0:2.0.5-7.fc15.noarch
ingo-0:1.2.5-1.fc15.noarch
rubygem-json-doc-0:1.4.6-3.fc15.x86_64
smokeping-0:2.4.2-12.fc15.noarch
kronolith-0:2.3.4-2.fc15.noarch
asterisk-0:1.8.5.0-1.fc16.2.x86_64
rubygem-activeldap-doc-0:1.2.2-2.fc15.noarch
wordpress-0:3.2.1-2.fc16.noarch
zabbix-web-0:1.8.6-1.fc16.noarch
python-Scriptaculous-0:1.8.2-6.fc15.noarch
rubygem-actionpack-1:3.0.9-1.fc16.noarch

erk.

Still, it means for now I only need to worry about the PHP stuff...
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-31-2011, 07:17 AM
Yanko Kaneti
 
Default Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

On Tue, 2011-08-30 at 23:46 -0700, Adam Williamson wrote:
> On Wed, 2011-08-31 at 07:52 +0200, Remi wrote:
> > >From : https://fedoraproject.org/wiki/Packaging:Guidelines#Duplication_of_system_librari es
> >
> > "At this time JavaScript intended to be served to a web browser is specifically exempted from this but this will likely change in the future."
> >
> > This explain why so much .js libraries are bundled in so much wedapps.
>
> Ah, thanks. I missed that. Still, it seems bad to be duplicating some
> very popular js quite so much:
>
> [root@adam lib]# repoquery -f */prototype.js
.....many.....

# repoquery -f '*/jquery*.js' --qf="%{NAME}
" | sort | uniq | wc -l
356

jQuery FTW

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-31-2011, 11:12 AM
Mattias Ellert
 
Default Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

ons 2011-08-31 klockan 10:17 +0300 skrev Yanko Kaneti:

> # repoquery -f '*/jquery*.js' --qf="%{NAME}
" | sort | uniq | wc -l
> 356
>
> jQuery FTW

Most of these are probably doxygen generated documentation. Recent
versions of doxygen provides a search option for the generated html
documentation and a copy of jquery.js.

At the moment jquery is not package as a separate package. If it was
packagers could replace them with a symlink to that.

Mattias

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-31-2011, 12:25 PM
Matej Cepl
 
Default Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

Dne 31.8.2011 13:12, Mattias Ellert napsal(a):
> At the moment jquery is not package as a separate package. If it was
> packagers could replace them with a symlink to that.

Help us to finish https://bugzilla.redhat.com/show_bug.cgi?id=nodejs and
you can get https://bugzilla.redhat.com/show_bug.cgi?id=457343 finished
as well

Matěj

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-31-2011, 03:23 PM
Jorge Gallegos
 
Default Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

On Tue, Aug 30, 2011 at 11:46:36PM -0700, Adam Williamson wrote:
> On Wed, 2011-08-31 at 07:52 +0200, Remi wrote:
> > >From : https://fedoraproject.org/wiki/Packaging:Guidelines#Duplication_of_system_librari es
> >
> > "At this time JavaScript intended to be served to a web browser is specifically exempted from this but this will likely change in the future."
> >
> > This explain why so much .js libraries are bundled in so much wedapps.
>
> Ah, thanks. I missed that. Still, it seems bad to be duplicating some
> very popular js quite so much:
>

Actually, it makes perfect sense. Different frameworks release versions with
different versions of jQuery or prototype. Trying to force all those packages
to play nice with a single system-wide library is hell.

Just imagine the scenario where, say, rails wants to ship version 1.1.5 but
there's a security patch in Django that relies on 1.2.1 and they are not backwards
compatible.

There's no hard-set rule of "how big a file has to be to be considered for packaging
on its own" afaik but I'd say these are copylibs with good reason.

> [root@adam lib]# repoquery -f */prototype.js
> rubygem-thin-doc-0:1.2.11-3.fc16.x86_64
> rubygem-railties-0:3.0.9-2.fc16.noarch
> rt3-0:3.8.10-4.fc16.noarch
> rubygem-json_pure-doc-0:1.5.1-1.fc16.noarch
> zabbix-web-0:1.8.6-1.fc16.noarch
> frepple-0:0.8.1-4.fc16.x86_64
> rubygem-scruffy-doc-0:0.2.6-2.fc15.noarch
> zikula-0:1.2.3-2.fc15.noarch
> rubygem-gettext_rails-doc-0:2.1.0-3.fc14.noarch
> rubygem-railties-0:3.0.10-1.fc16.noarch
> horde-0:3.3.11-2.fc15.noarch
> turba-0:2.3.5-2.fc15.noarch
> rubygem-actionpack-1:3.0.10-1.fc16.noarch
> WebCalendar-0:1.2.3-4.fc16.noarch
> pnp4nagios-0:0.4.14-5.fc15.x86_64
> frepple-0:0.8.1-4.fc16.i686
> dogtag-pki-tps-theme-0:9.0.6-1.fc16.noarch
> mantis-0:1.2.4-2.fc15.noarch
> imp-0:4.3.9-2.fc15.noarch
> wordpress-0:3.2.1-2.fc16.noarch
> mediatomb-0:0.12.1-12.fc16.x86_64
> mythweb-0:0.24.1-1.fc15.x86_64
> rubygem-shoulda-doc-0:2.11.3-1.fc15.noarch
> rubygem-calendar_date_select-0:1.15-4.fc13.noarch
> rubygem-locale_rails-doc-0:2.0.5-7.fc15.noarch
> ingo-0:1.2.5-1.fc15.noarch
> rubygem-json-doc-0:1.4.6-3.fc15.x86_64
> smokeping-0:2.4.2-12.fc15.noarch
> kronolith-0:2.3.4-2.fc15.noarch
> asterisk-0:1.8.5.0-1.fc16.2.x86_64
> rubygem-activeldap-doc-0:1.2.2-2.fc15.noarch
> wordpress-0:3.2.1-2.fc16.noarch
> zabbix-web-0:1.8.6-1.fc16.noarch
> python-Scriptaculous-0:1.8.2-6.fc15.noarch
> rubygem-actionpack-1:3.0.9-1.fc16.noarch
>
> erk.
>
> Still, it means for now I only need to worry about the PHP stuff...
> --
> Adam Williamson
> Fedora QA Community Monkey
> IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
> http://www.happyassassin.net
>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-31-2011, 03:47 PM
"Richard W.M. Jones"
 
Default Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

On Wed, Aug 31, 2011 at 08:23:56AM -0700, Jorge Gallegos wrote:
> On Tue, Aug 30, 2011 at 11:46:36PM -0700, Adam Williamson wrote:
> > On Wed, 2011-08-31 at 07:52 +0200, Remi wrote:
> > > >From : https://fedoraproject.org/wiki/Packaging:Guidelines#Duplication_of_system_librari es
> > >
> > > "At this time JavaScript intended to be served to a web browser is specifically exempted from this but this will likely change in the future."
> > >
> > > This explain why so much .js libraries are bundled in so much wedapps.
> >
> > Ah, thanks. I missed that. Still, it seems bad to be duplicating some
> > very popular js quite so much:
> >
>
> Actually, it makes perfect sense. Different frameworks release versions with
> different versions of jQuery or prototype. Trying to force all those packages
> to play nice with a single system-wide library is hell.
>
> Just imagine the scenario where, say, rails wants to ship version 1.1.5 but
> there's a security patch in Django that relies on 1.2.1 and they are not backwards
> compatible.

You could make the same argument for any library, and it would be just
as wrong.

Benefits from packaging Javascript once:

- if there's a security problem, you just have to fix and update
one package

- no questions about "is the security problem fixed in <this random
javascript file>"?

- we can probably arrange it so that users of different web apps
only download the javascript file once

- no extra copies on disk

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-31-2011, 05:31 PM
Stephen John Smoogen
 
Default Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

On Wed, Aug 31, 2011 at 09:47, Richard W.M. Jones <rjones@redhat.com> wrote:
> On Wed, Aug 31, 2011 at 08:23:56AM -0700, Jorge Gallegos wrote:
>> On Tue, Aug 30, 2011 at 11:46:36PM -0700, Adam Williamson wrote:
>> > On Wed, 2011-08-31 at 07:52 +0200, Remi wrote:
>> > > >From : https://fedoraproject.org/wiki/Packaging:Guidelines#Duplication_of_system_librari es
>> > >
>> > > "At this time JavaScript intended to be served to a web browser is specifically exempted from this but this will likely change in the future."
>> > >
>> > > This explain why so much .js libraries are bundled in so much wedapps.
>> >
>> > Ah, thanks. I missed that. Still, it seems bad to be duplicating some
>> > very popular js quite so much:
>> >
>>
>> Actually, it makes perfect sense. Different frameworks release versions with
>> different versions of jQuery or prototype. Trying to force all those packages
>> to play nice with a single system-wide library is hell.
>>
>> Just imagine the scenario where, say, rails wants to ship version 1.1.5 but
>> there's a security patch in Django that relies on 1.2.1 and they are not backwards
>> compatible.
>
> You could make the same argument for any library, and it would be just
> as wrong.
>
> Benefits from packaging Javascript once:
>
> *- if there's a security problem, you just have to fix and update
> * one package
>
> *- no questions about "is the security problem fixed in <this random
> * javascript file>"?
>
> *- we can probably arrange it so that users of different web apps
> * only download the javascript file once
>
> *- no extra copies on disk
>
> Rich.

Here is the problem in a nutshell. The upstreams for all this will not
give a rats ass about using a system wide jquery because it does not
solve their problem.

Their problem is that the majority of their users are going to be
grabbing pages from "smart" phones which aren't smart and will gladly
download the same data over and over again because they are built to
use as much bandwidth as possible so the user gets charged for data
caps. Also you know that 99% of your customers only really get full
bandwidth if their phone if they stand next to a tower with the phone
plugged into a charger.. otherwise they get crap for bandwidth even at
5 bars.

So you make sure your javascripts aren't the full score 100k
monstrosities but are just what you need to get the page to work. So
those 80 copies of jquery we have aren't going to be the same even if
they all came from the same version of upstream jquery. And delivering
just one large jquery that can be used is not going to fit what either
upstreams, web developers OR their users want or need.

And yes I know, we can say all of the above for anything else and show
how it is wrong for all those cases. Unlike math, the real world
doesn't care and finding a counter example does not invalidate the
reason it is true in some place.


--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-31-2011, 05:35 PM
Matej Cepl
 
Default Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

Dne 31.8.2011 19:31, Stephen John Smoogen napsal(a):
> they all came from the same version of upstream jquery. And delivering
> just one large jquery that can be used is not going to fit what either
> upstreams, web developers OR their users want or need.

I still haven't got the reason why jQuery cannot be “compiled” from the
source as any other source code? Why do you still talk about large
monstrosities? Nobody requires that.

Matěj
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-31-2011, 05:35 PM
Matej Cepl
 
Default Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

Dne 31.8.2011 19:31, Stephen John Smoogen napsal(a):
> they all came from the same version of upstream jquery. And delivering
> just one large jquery that can be used is not going to fit what either
> upstreams, web developers OR their users want or need.

I still haven't got the reason why jQuery cannot be “compiled” from the
source as any other source code? Why do you still talk about large
monstrosities? Nobody requires that.

Matěj

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 08-31-2011, 05:49 PM
Adam Williamson
 
Default Oh god, my eyes (packaging a hairball of bundled PHP stuff, tt-rss)

On Wed, 2011-08-31 at 19:35 +0200, Matej Cepl wrote:
> Dne 31.8.2011 19:31, Stephen John Smoogen napsal(a):
> > they all came from the same version of upstream jquery. And delivering
> > just one large jquery that can be used is not going to fit what either
> > upstreams, web developers OR their users want or need.
>
> I still haven't got the reason why jQuery cannot be “compiled” from the
> source as any other source code? Why do you still talk about large
> monstrosities? Nobody requires that.

often web apps only use one or two functions ripped out of a much larger
'library' - all of those packages which have bits of jquery in them are
unlikely to have *all* of jquery in them, and they probably don't have
the same little chunks.

I think this applies less to prototypejs, though: it's a single file,
and when I checked quickly, all the packages I looked at seemed to have
more or less the same version of it. I can do a more careful evaluation
if I get a bit of time, though, and see how much variance there really
is in the prototype.js files in all those packages.

jquery, at least, claims a very strong security history, with only one
fairly minor vulnerability. prototype.js has had at least one
significant vuln, as that bug link I put in my original mail shows.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 10:07 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org