> "László Böszörményi (GCS)" <g...@debian.org> writes: > > share/doc/build/html/_static/jquery.js > share/doc/build/html/_static/underscore.js > share/server/coffee-script.js > share/www/fauxton/js/require.js > share/www/script/jquery-ui-1.8.11.custom.min.js > src/fauxton/assets/js/libs/spin.min.js > src/fauxton/assets/js/plugins/prettify.js > src/fauxton/assets/js/plugins/zeroclipboard/ZeroClipboard.swf >> >> Do you have the source for these files?
I'm a little confused what you mean by 'the source for these files' when it comes to the .js files. Isn't the file itself the source? Looking at them, they all seem to have a free license attached to them (although the require.js one has it embedded in the javascript and is a little hard to see). The spin.min.js, prettify.js, don't seem to have a license attached to them In fact in the upstream LICENSE file, they specifically state the licenses for all of the js files (including the spin.min.js and prettify.js). The only one that I see that doesn't have the source or a specific license attached to it is the .swf. > Yes, some of them are packaged, but has very distant major upstream > release differences and jquery-ui was customized for CouchDB (how?). > Some of them are not yet packaged. I agree that embedding code-copies is a bad practice, and should be avoided as much as possible (in fact, when I was working on testing security issues, I pushed for this policy to be added to the Debian policy, and I still occasionally help in tracking embedded code copies in the security repository). So, lets look at them individually: > share/doc/build/html/_static/jquery.js libjs-jquery in debian unstable is 1.7.2 and this appears to be the version that is in this file, a diff of the debian packaged version and this file produces no results. So this could easily be removed and repacked and the package could instead depend on libjs-jquery. > share/doc/build/html/_static/underscore.js this file purports to be underscore.js version 1.4.4, and debian has libjs-underscore 1.4.4, a diff between these two produces no results, so just like libjs-jquery, this could be replaced by the package. > share/server/coffee-script.js the file says it is 1.2.0, debian has 1.4.0, personally I think that depending on the newer package and seeing if it causes any trouble would be a reasonable approach > share/www/fauxton/js/require.js I found node-requirejs in debian, but if you install it, you will install the entire libv8 library and nodejs... it does look like the same javascript, although different versions, and the couchdb one appears to have some couchdb specific things in it, so I would be inclined to continue to use the embedded one, and noting it in the security repository > share/www/script/jquery-ui-1.8.11.custom.min.js this appears to just be an older version of libjs-jquery-ui's /usr/share/javascript/jquery-ui/ui/jquery-ui.custom.min.js and we could probably use the packaged version > src/fauxton/assets/js/libs/spin.min.js I didn't find a package for this, but it looks pretty small... > src/fauxton/assets/js/plugins/prettify.js didn't find a package for this either... > What about the SWF file? This one we should ask upstream about... i asked on the #couchdb channel. Looking at how it is used it seems like it is just some convenience clipboard thing, and could be easily removed to route around the problem. >> Also please realize that upstream includes several other projects in >> the source tarball. Like the packaged ones: src/ibrowse/ , src/snappy >> and the not yet packaged one: src/mochiweb [1]. There are more, these >> were just examples. Yes, perhaps we can try to remove the ones that are packaged and depend on the packages and see how things work (or not). micah -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
