[dev] minified Javascript code in Horde
Mike Gabriel
mike.gabriel at das-netzwerkteam.de
Wed May 13 09:45:57 UTC 2020
Hi Ralf,
On Di 12 Mai 2020 15:56:01 CEST, Ralf Lang wrote:
> updating things like jQuery (only used in the mobile views AFAIR)
> can be tricky, especially as you will jump major versions ahead and
> the effects are only visible in interactive testing in the browser.
> It's possible though.
Copies of code are always bad from the security maintenance point's of
view, but esp. with jQuery they seem to be silently accepted for web
applications in various packages in Debian. The security team
maintains a list of packages de-duplicating certain code projects
(like jQuery, but also VNC code, etc.).
> The minifying is not so much a problem as Horde can do that "on the
> fly" during runtime. However I wonder how debian would handle any
> JS produced by a modern typescript pipeline where the verbatim
> typescript is not ready to run and the resulting JS is always derived.
Explain in more depth please. What typescript pipeline system do you
mean? The generic answer is that the pipelining has to happen at every
Debian package build and the pipelining toolchain must be in Debian
and a build requirement for the Debian package that relies on the
resulting JS.
Greets,
Mike
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: Digitale PGP-Signatur
URL: <https://lists.horde.org/archives/dev/attachments/20200513/a10ce110/attachment.sig>
More information about the dev
mailing list