On Wed, Aug 31, 2011 at 10:49:09AM -0700, Adam Williamson wrote:
> On Wed, 2011-08-31 at 19:35 +0200, Matej Cepl wrote:
> > On 31.8.2011 19:31, Stephen John Smoogen wrote:
> > > they all came from the same version of upstream jquery. And delivering
> > > just one large jquery that can be used is not going to fit what either
> > > upstreams, web developers OR their users want or need.
> >
> > I still haven't got the reason why jQuery cannot be “compiled” from the
> > source as any other source code? Why do you still talk about large
> > monstrosities? Nobody requires that.
>
> often web apps only use one or two functions ripped out of a much larger
> 'library' - all of those packages which have bits of jquery in them are
> unlikely to have *all* of jquery in them, and they probably don't have
> the same little chunks.
>
> I think this applies less to prototypejs, though: it's a single file,
> and when I checked quickly, all the packages I looked at seemed to have
> more or less the same version of it. I can do a more careful evaluation
> if I get a bit of time, though, and see how much variance there really
> is in the prototype.js files in all those packages.
>
> jquery, at least, claims a very strong security history, with only one
> fairly minor vulnerability. prototype.js has had at least one
> significant vuln, as that bug link I put in my original mail shows.
>

Hmmm...I'm not so sure about the assertion that people are ripping apart
jquery in specific hold up. Does someone have numbers?

I'm quite willing to bet that of the copies of jquery on Fedora, most of
them are not a subset of jquery's core because most of them are not going
to be used in web applications. Someone mentioned doxygen earlier and
python-sphinx generated docs also follows this. (I notice that
python-sphinx and the docs generated using it are using a minified version
of jquery :-( Since we don't have a jsmin'er in Fedora atm, that means
jquery in all these packages is not being created from source :-( )

For actual web apps, I'm also not sure that we'll find that the javascript
has been amputated. Most of the js libraries are 1) fairly interconnected
in terms of the functions they use to provide the functionality you use,
2) are intentionally kept to some sort of "core" size 3) are shipped in a
minified form as well as having easier to work on source 4) using CDN's
are becoming much more prevalent.

Real numbers before bald assertions please :-)

-Toshio
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel