Bug#724287: rt4-extension-jsgantt, trac-jsgantt: embeds jsgantt - should depend on libjs-jsgantt separately packaged
Quoting Satoru KURASHIKI (2013-10-17 03:18:53) On Tue, Oct 8, 2013 at 10:15 PM, Jonas Smedegaard d...@jones.dk wrote: Ah, right - here are the diffs: https://github.com/bestpractical/rt-extension-jsgantt/tree/master/etc The libjs-jsgantt package could include wiht its source the above diffs and apply them at build time, to also offer in the binary package the patched variant usable for RT. I believe that is much better than status quo. I'm unsure which that is better or not, but anyway, nearly dead upstream, few references, and so on... Indeed not actively maintained - but evidently in active use, so arguably _more_ important to streamline for eventual bugfixing. Package libjs-jsgantt does not yet exist. �Just now I filed bug#725794, and intend to do the packaging unless (preferred) someone else in the Javascript team picks it up. if libjs-jsgantt is packaged and provides patched variant for rt, I will update rt-extension-jsgantt to fit. Thanks! - Jonas -- * Jonas Smedegaard - idealist Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#724287: rt4-extension-jsgantt, trac-jsgantt: embeds jsgantt - should depend on libjs-jsgantt separately packaged
hi, On Tue, Oct 8, 2013 at 10:15 PM, Jonas Smedegaard d...@jones.dk wrote: Ah, right - here are the diffs: https://github.com/bestpractical/rt-extension-jsgantt/tree/master/etc The libjs-jsgantt package could include wiht its source the above diffs and apply them at build time, to also offer in the binary package the patched variant usable for RT. I believe that is much better than status quo. I'm unsure which that is better or not, but anyway, # nearly dead upstream, few references, and so on... Package libjs-jsgantt does not yet exist. Just now I filed bug#725794, and intend to do the packaging unless (preferred) someone else in the Javascript team picks it up. if libjs-jsgantt is packaged and provides patched variant for rt, I will update rt-extension-jsgantt to fit. regards, -- KURASHIKI Satoru
Bug#724287: rt4-extension-jsgantt, trac-jsgantt: embeds jsgantt - should depend on libjs-jsgantt separately packaged
hi, On Mon, Sep 23, 2013 at 8:56 PM, Jonas Smedegaard d...@jones.dk wrote: Package: rt4-extension-jsgantt,trac-jsgantt Severity: normal Tags: security Packages rt4-extension-jsgantt and trac-jsgantt embed the Javascript library jsgantt. That Javascript library should instead be packaged separately and depended upon. Package name should be libjs-jsgantt according to https://wiki.debian.org/Javascript/Policy. This issue potentially affects security: See Debian Policy 3.9.4 § 4.13. Unfortunately, rt-extension-jsgantt includes modified version of jsgantt to work with rt, so it couldn't depend on libjs-jsgantt if it exists. regards, -- KURASHIKI Satoru
Bug#724287: rt4-extension-jsgantt, trac-jsgantt: embeds jsgantt - should depend on libjs-jsgantt separately packaged
Quoting Satoru KURASHIKI (2013-10-08 14:34:49) On Mon, Sep 23, 2013 at 8:56 PM, Jonas Smedegaard d...@jones.dk wrote: Packages rt4-extension-jsgantt and trac-jsgantt embed the Javascript library jsgantt. That Javascript library should instead be packaged separately and depended upon. Package name should be libjs-jsgantt according to https://wiki.debian.org/Javascript/Policy. This issue potentially affects security: See Debian Policy 3.9.4 § 4.13. Unfortunately, rt-extension-jsgantt includes modified version of jsgantt to work with rt, so it couldn't depend on libjs-jsgantt Ah, right - here are the diffs: https://github.com/bestpractical/rt-extension-jsgantt/tree/master/etc The libjs-jsgantt package could include wiht its source the above diffs and apply them at build time, to also offer in the binary package the patched variant usable for RT. I believe that is much better than status quo. if it exists. Package libjs-jsgantt does not yet exist. Just now I filed bug#725794, and intend to do the packaging unless (preferred) someone else in the Javascript team picks it up. - Jonas -- * Jonas Smedegaard - idealist Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: signature
Bug#724287: rt4-extension-jsgantt, trac-jsgantt: embeds jsgantt - should depend on libjs-jsgantt separately packaged
Package: rt4-extension-jsgantt,trac-jsgantt Severity: normal Tags: security Packages rt4-extension-jsgantt and trac-jsgantt embed the Javascript library jsgantt. That Javascript library should instead be packaged separately and depended upon. Package name should be libjs-jsgantt according to https://wiki.debian.org/Javascript/Policy. This issue potentially affects security: See Debian Policy 3.9.4 § 4.13. - Jonas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
