[pkg-php-pear] Bug#781414: Embedded code copies

Gunnar Wolf gwolf at gwolf.org
Tue Apr 7 02:26:41 UTC 2015


David Prévot wrote [Thu, Apr 02, 2015 at 02:07:06AM -0400]:
> > Sorry for the lateness - I'm currently devoid of free time, and my
> > package maintenance status has suffered :(
> 
> It’s not even been a week since that bug was filed, so no need to
> apologize (and yay, double happy event may drag one into other
> activities, cheers! ;).

Oh, yes, I cannot say I'm sorry for not having the same amount of time
I traditionally had ;-)

> I’ve introduced php-seclib in the archive to get rid of the embedded
> code copy from ownCloud, and must admit I’ve never noticed any BC break:
> I’m happy to track the latest php-seclib upstream release for almost two
> years now, it seems to behave correctly ;).
> (...)
> Simply requiring 'HTMLPurifier.autoload.php' (or
> 'HTMLPurifier.includes.php', or 'HTMLPurifier.safe-includes.php', or…)
> instead of the standalone file should do the trick.

Done and uploaded. For the curious:

   http://anonscm.debian.org/cgit/collab-maint/collabtive.git/commit/?id=6fcd7f38b71d73bae003d290d735de8234ddc8ad
   http://anonscm.debian.org/cgit/collab-maint/collabtive.git/commit/?id=687e69463fb46e6b49d60c9ca3be39cd404cde67

> Feel free to bug php-htmlpurifier if you really want it to provide a
> big standalone file, but I’m not sure that’s necessary (nor a good
> idea at first sight). Please, note I only team-uploaded this package
> once, so I may not be the best person to provide more insight.

If this one works, I won't complain :) I agree the standalone file
does not seem so attractive from a distribution PoV.

> > I preferred symlinking as it requires less patching of the upstream
> > code. But, of course, if the PHP packaging group's best practices are
> > to patch, I will do so. Just please confirm!
> 
> I’m a bit new in the PHP PEAR Maintainers team, other members may
> provide more insight here. My short experience with ownCloud packaging
> is that previous maintainers did it that way, and it looks a lot less
> hackish. E.g., if a file is added in an updated PHP class, as long as
> that file is not (yet) symlinked from the webapp using it, you may shoot
> yourself in the foot if this file is called from an existing one…

As you can see, I did this in a hybrid fashion ;-) I might clean up
later on. But I prefer to patch upstream as little as possible in
general.

Thanks for the report! (+hugs!)
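
The symlink pitfall discussed in this thread (a file added by a library update that the webapp does not yet link to) can be checked mechanically. The script below is an added example, not part of the original message or of any Debian package; the function names and the directory layout in the demo are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example: list library files that a per-file symlinked webapp tree
# does not reach. Directory arguments are hypothetical, chosen by the caller.

# missing_links LIBDIR APPDIR
# Prints, one per line, each *.php path (relative to LIBDIR) that has no
# resolvable counterpart under APPDIR. "test -e" follows symlinks, so a
# dangling link is reported as missing too.
missing_links() {
    libdir=$1
    appdir=$2
    ( cd "$libdir" && find . -type f -name '*.php' | sort ) |
    while IFS= read -r rel; do
        rel=${rel#./}
        [ -e "$appdir/$rel" ] || printf '%s\n' "$rel"
    done
}

# Constructed demo: the library gained Sub/New.php after the webapp's
# per-file symlinks were created, so nothing in the webapp points at it.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/lib/Sub" "$tmp/app/Sub"
    : > "$tmp/lib/Core.php"
    : > "$tmp/lib/Sub/Old.php"
    : > "$tmp/lib/Sub/New.php"      # added by a later library update
    ln -s "$tmp/lib/Core.php" "$tmp/app/Core.php"
    ln -s "$tmp/lib/Sub/Old.php" "$tmp/app/Sub/Old.php"
    missing_links "$tmp/lib" "$tmp/app"
    rm -rf "$tmp"
}

demo
```

Run against the packaged library directory and the webapp's copy after each library upgrade; any path printed is a file an existing class could require without the webapp being able to find it.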


