On Sun, Dec 12, 2010 at 02:59:18AM +0300, Pavel Alexeev (aka Pahan-Hubbitus) wrote: > 09.12.2010 17:46, Tom Callaway wrote: > > Here are the latest set of changes to the Fedora Packaging Guidelines: > > --- > --- > Some clarification has been added to the sections dealing with bundled > libraries, specifically that: > > In this RPM packaging context, the definition of the term 'library' > includes: compiled third party source code resulting in shared or static > linkable files, interpreted third party source code such as Python, PHP > and others. At this time JavaScript intended to be served to a web > browser is specifically exempted from this but this will likely change > in the future. > > https://fedoraproject.org/wiki/Packaging:Guidelines#Duplication_of_system_libraries > > > JavaScript libraries may be bundled in any way? No additional guidelines for > that?? Why? > ATM they are not because not everyone is convinced that JavaScript has security issues (Some people see JavaScript as data served by a web server rather than code). The code is executed on the client rather than the server so the security concerns are different but the JavaScript Packaging draft lays out the case for JavaScript libraries having similar concerns despite that:: https://fedoraproject.org/wiki/JavaScript_libraries_packaging_guideline_draft Additionally, there is a lot of work involved in unbundling JavaScript because I anticipate zero upstreams currently having build scripts that anticipate being able to use unbundled JavaScript. So when we mandate this, we want to be ready with working recipes for how to unbundle. We would be very happy to have someone work on the JavaScript Guidelines and try to get them into shape for the FPC to cote on them. I've invited many people to work on that but no one has taken me up on that so far. Also note, the new wording in duplication of System Libraries makes clear that JavaScript that is being used on the local system is not allowed to be bundled (For instance, server-side JavaScript and bindings to libraries) whereas previous versions left that ambiguous. -Toshio
Attachment:
pgpo9zV6W1T_u.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
