Quoting Satoru KURASHIKI (2013-10-08 14:34:49) > On Mon, Sep 23, 2013 at 8:56 PM, Jonas Smedegaard <[email protected]> wrote: >> Packages rt4-extension-jsgantt and trac-jsgantt embed the Javascript >> library jsgantt. >> >> That Javascript library should instead be packaged separately and >> depended upon. Package name should be libjs-jsgantt according to >> <https://wiki.debian.org/Javascript/Policy>. >> >> This issue potentially affects security: See Debian Policy 3.9.4 ยง >> 4.13. > > Unfortunately, rt-extension-jsgantt includes modified version of > jsgantt to work with rt, so it couldn't depend on libjs-jsgantt
Ah, right - here are the diffs: https://github.com/bestpractical/rt-extension-jsgantt/tree/master/etc The libjs-jsgantt package could include wiht its source the above diffs and apply them at build time, to also offer in the binary package the patched variant usable for RT. I believe that is much better than status quo. > if it exists. Package libjs-jsgantt does not yet exist. Just now I filed bug#725794, and intend to do the packaging unless (preferred) someone else in the Javascript team picks it up. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
