On Wed, 2011-08-31 at 19:35 +0200, Matej Cepl wrote:
Dne 31.8.2011 19:31, Stephen John Smoogen napsal(a):
> they all came from the same version of upstream jquery. And delivering
> just one large jquery that can be used is not going to fit what either
> upstreams, web developers OR their users want or need.
I still haven't got the reason why jQuery cannot be “compiled” from the
source as any other source code? Why do you still talk about large
monstrosities? Nobody requires that.
often web apps only use one or two functions ripped out of a much larger
'library' - all of those packages which have bits of jquery in them are
unlikely to have *all* of jquery in them, and they probably don't have
the same little chunks.
I think this applies less to prototypejs, though: it's a single file,
and when I checked quickly, all the packages I looked at seemed to have
more or less the same version of it. I can do a more careful evaluation
if I get a bit of time, though, and see how much variance there really
is in the prototype.js files in all those packages.
jquery, at least, claims a very strong security history, with only one
fairly minor vulnerability. prototype.js has had at least one
significant vuln, as that bug link I put in my original mail shows.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net