On Mon, Jun 29, 2015 at 4:18 AM, Stef Walter <st...@redhat.com> wrote: > I think that as described, this change will cause more harm than good. > As both an upstream and a packager of Cockpit I am against it in its > current form.
Please note that this Change has already been implemented as approved by FESCo for a previous Fedora release. It has only been submitted now for final announcement, since it was not complete by the Change Freeze. Turning back now would require blocking packages from the distribution and reverting patches to packages that already depend on js-jquery*. This cannot be done by FESCo merely rejecting this feature. > With significant extra work (such as CI) perhaps the change could be > less harmful, see below. > > 1. How will compatibility issues be handled? In the case of Cockpit, > jQuery forms part of our future plugin API guarantees. > > The web application loses control of its dependencies, which normally > form a intimate part of the app. How much bandwidth do you have to > handle such bug reports? If you depend on a particular release of jQuery, you are free to package it in Fedora. While I am only committing to maintaining the latest 1.x and 2.x versions, it does not stop anyone else from packaging older versions where necessary. The general packaging guidelines permit this and the JavaScript packaging guidelines contain some extra considerations to make this easy. > 2. Will Fedora have continuous integration running for all applications > it modifies in this way so it can detect breakage? Or should upstream > ignore bug reports from Fedora versions where their code has been > patched, with regards to jQuery? Fedora Quality Assurance is currently working on a continuous integration system for the distribution and I assure you that I am just as eager to use it as the next person. But yes, right now we don't even currently have the CI resources to check if the kernel we're going to ship in rawhide tomorrow even boots! I'm not sure why this would make upstream ignore bug reports. Does Mozilla ignore bug reports for Firefox on Fedora because we unbundle libraries that they bundle in their upstream build and we don't have CI? I don't think so... > 3. Most modern web applications compress and bundle their resources. For > example in Cockpit, we: > > * Gzip jQuery and all other javascript resources. This is a matter for your web application/web server configuration and is not affected by this change. > * Bundle them together with other resources and load them together > with other scripts in one HTTP response. This is still allowed, though the new guidelines require these be compiled using Fedora-provided sources and not bundled ones. > You'll find this going on throughout most applications that care about > load time or module loading. > > > 4. Many web applications load jQuery from CDN (although not Cockpit, > since it can be used with a non-internet connected server). Do you plan > to patch these as well? If not, then why are these left out of the scope > of the change? This has always been forbidden, long before the new JavaScript guidelines: "Software which downloads code bundles from the internet in order to be functional or useful is not acceptable for inclusion in Fedora (regardless of whether the downloaded code would be acceptable to be packaged in Fedora as a proper dependency)." [1] So presumably these are already patched, and this Change just makes that quite a bit easier. :-) -T.C. [1] http://fedoraproject.org/wiki/Packaging:Guidelines#Packages_which_are_not_useful_without_external_bits -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct