Quoting Antoine Beaupré (2014-01-30 22:56:53) > On 2014-01-30 16:30:37, Jonas Smedegaard wrote: >> Quoting Antoine Beaupré (2014-01-30 21:34:21) >>> On 2014-01-30 15:17:31, Jonas Smedegaard wrote: >>>> Convenience code copies don't require *runtime* compression. >>> >>> What? Isn't that why we are talking about triggers for javascript? >> >> Uhm, no. At least I am not. > > Yes, you are.
No, I do not talk about triggers for JavaScript due to convenience code
copies requiring runtime compression.
> In the original #721567 bug report:
>
>> For the bundling file I think best would be for the package to
>> generate that file using a dpkg trigger, so that it gets regenerated
>> whenever one of its dependent library packages are updated.
Thanks for pointing out where you (to follow suite on the shift of tone)
misunderstood.
I did indeed talk about compressing at runtime - for other reasons than
convenience code copies requiring runtime compression (they don't!).
> But anyways, that's beside the point here. The point is that the
> Jquery library (for example) we use is the one from the jquery
> package, so we need runtime compression to update it when the jquery
> package updates.
>
> We don't have this problem with CSS because the CSS is shipped with
> Photofloat and not part of another package.
>
> That's the point I am trying to make here.
Understood.
I don't agree that you need to compress at runtime. You can and it is
elegant if you do, but you do not need to.
>>> Sure, maybe it was respecting policy to compress at build time (the
>>> package is in Debian after all), but it is a potential security
>>> problem anyways.
>>
>> No, I believe you are mistaken.
>
> I believe not using triggers, in the case of jquery, for example, is a
> security issue because if we simply use a symlink and build at install
> time, when jquery is updated for a security vulnerability, we are
> still vulnerable.
I believe Security team checks for and issues binNMUs for reverse
build-dependencies as part of doing security updates.
>>>>>> Here is - I think - all sensible options:
>>>>>>
>>>>>> CSS can be compressed or compacted or simply collated during
>>>>>> build, and install that once below /usr, or once below /etc with
>>>>>> symlink below /usr, or once below /etc recompressed or
>>>>>> recompacted on-demand below /var with symlink below /usr.
>>
>>>>> b. install CSS compressed in /var
>>>>> c. install CSS sources in /etc
>>>>> d. provide a clear way for users to get from c to b, but don't
>>>>> do it automatically.
>>>>> e. symlink in /usr to /etc and /var for consistency and
>>>>> simplicity
>> Why compress,
>
> I said:
>
>> a. compress CSS during build (or compact, i don't care)
>
> So I don't care.
Thank you for (implied) clarifying that the remark applies to all items
in your list, not only to a. where it was written.
>> and what "consistency and simplicity" is in that + /var?
>
> The consistency is not related to /var, but to symlinks within the
> rest of the photofloat install in /usr.
Thanks again for clarifying that the list is not really so much a list.
> I think compacted files should be shipped in /var, because they can be
> potentially regenerated by the user from the sources in /etc. This is
> along the policy of allowing /usr to be readonly.
Understood.
(I don't agree, but that's not important)
>>>>>> I recommend to compact during build, and install that once below
>>>>>> /etc with a symlink below /usr.
>>>>>
>>>>> What about the source files? How do people rebuild if they modify
>>>>> in /etc?
>>>>
>>>> You tell me - I suggest to not do such overkill.
>>>
>>> Why on earth would we ship undecipherable configuration files in
>>> /etc if we do not allow people to rebuild them from source?
>>
>> You tell me - I recommend compacting, not compressing as you propose.
>
> I guess it's still unclear to me what compacting does then.
Check the different output of scss --style {compact,compressed}
> We are clearly wasting time.
Bye then.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
