On 10/13/2011 02:24 PM, Jakub Wilk wrote: > * Daniel Kahn Gillmor <d...@fifthhorseman.net>, 2011-10-13, 13:38: >> Thanks for packaging trac for debian, and for relying on the system >> copy of jquery rather than on an embedded code copy. > > Then you probably won't be happy to find out that the version in sid > uses the embedded copy.
hmm, the changelog says:
* Drop 15_remove_jquery_file.dpatch because Trac requires a specific
version of jQuery (Closes: #592734, #610557) (LP: #526810, #610205).
If a specific version is required, the trac debian package should have
an explicit versioned dependency. Embedding a copy of another software
package is bad news from a security and maintenance perspective.
I'm CC'ing the folks tracking embedded code copies [0] here so they're
aware of this new issue.
Regards,
--dkg
[0] https://wiki.debian.org/EmbeddedCodeCopies
signature.asc
Description: OpenPGP digital signature
