Quoting Antoine Beaupré (2014-01-30 22:56:53) > On 2014-01-30 16:30:37, Jonas Smedegaard wrote: >> Quoting Antoine Beaupré (2014-01-30 21:34:21) >>> On 2014-01-30 15:17:31, Jonas Smedegaard wrote: >>>> Convenience code copies don't require *runtime* compression. >>> >>> What? Isn't that why we are talking about triggers for javascript? >> >> Uhm, no. At least I am not. > > Yes, you are.
No, I do not talk about triggers for JavaScript due to convenience code copies requiring runtime compression. > In the original #721567 bug report: > >> For the bundling file I think best would be for the package to >> generate that file using a dpkg trigger, so that it gets regenerated >> whenever one of its dependent library packages are updated. Thanks for pointing out where you (to follow suite on the shift of tone) misunderstood. I did indeed talk about compressing at runtime - for other reasons than convenience code copies requiring runtime compression (they don't!). > But anyways, that's beside the point here. The point is that the > Jquery library (for example) we use is the one from the jquery > package, so we need runtime compression to update it when the jquery > package updates. > > We don't have this problem with CSS because the CSS is shipped with > Photofloat and not part of another package. > > That's the point I am trying to make here. Understood. I don't agree that you need to compress at runtime. You can and it is elegant if you do, but you do not need to. >>> Sure, maybe it was respecting policy to compress at build time (the >>> package is in Debian after all), but it is a potential security >>> problem anyways. >> >> No, I believe you are mistaken. > > I believe not using triggers, in the case of jquery, for example, is a > security issue because if we simply use a symlink and build at install > time, when jquery is updated for a security vulnerability, we are > still vulnerable. I believe Security team checks for and issues binNMUs for reverse build-dependencies as part of doing security updates. >>>>>> Here is - I think - all sensible options: >>>>>> >>>>>> CSS can be compressed or compacted or simply collated during >>>>>> build, and install that once below /usr, or once below /etc with >>>>>> symlink below /usr, or once below /etc recompressed or >>>>>> recompacted on-demand below /var with symlink below /usr. >> >>>>> b. install CSS compressed in /var >>>>> c. install CSS sources in /etc >>>>> d. provide a clear way for users to get from c to b, but don't >>>>> do it automatically. >>>>> e. symlink in /usr to /etc and /var for consistency and >>>>> simplicity >> Why compress, > > I said: > >> a. compress CSS during build (or compact, i don't care) > > So I don't care. Thank you for (implied) clarifying that the remark applies to all items in your list, not only to a. where it was written. >> and what "consistency and simplicity" is in that + /var? > > The consistency is not related to /var, but to symlinks within the > rest of the photofloat install in /usr. Thanks again for clarifying that the list is not really so much a list. > I think compacted files should be shipped in /var, because they can be > potentially regenerated by the user from the sources in /etc. This is > along the policy of allowing /usr to be readonly. Understood. (I don't agree, but that's not important) >>>>>> I recommend to compact during build, and install that once below >>>>>> /etc with a symlink below /usr. >>>>> >>>>> What about the source files? How do people rebuild if they modify >>>>> in /etc? >>>> >>>> You tell me - I suggest to not do such overkill. >>> >>> Why on earth would we ship undecipherable configuration files in >>> /etc if we do not allow people to rebuild them from source? >> >> You tell me - I recommend compacting, not compressing as you propose. > > I guess it's still unclear to me what compacting does then. Check the different output of scss --style {compact,compressed} > We are clearly wasting time. Bye then. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature