Scott McLewin wrote:
Michelle Cox wrote:
On 5/23/2007 7:27:59 AM, Scott McLewin (drupal@mclewin.com) wrote:
When third party libraries become popular they benefit from a move into core, like jQuery did, and at that point they become the responsibility
You make it sound like this is a common occurrence. As far as I know, jQuery was a special case, and it's highly unlikely that, say, TinyMCE would become part of core.
I cannot speak to the frequency. As Drupal's popularity increases, I do believe we will see more incorporation of third party libraries in contrib modules, and as I wrote earlier today (in my time zone) I think managing a common version of those third party libraries within core for modules to share is indeed added work for the core maintainers.
I don't buy Karoly's security argument as the driving reason for why we have a problem with this 'foreign' code, but I do believe we have a looming problem with the management of third party libraries. I'll be pleased to be wrong on this point. Perhaps to address this concern, we could create a dedicated module that simply provides the third party library in question and little or no additional functionality as required by drupal. The the modules that depend on it can do just that in the info files. Avoids duplication and centralizes the management and ability to audit for security issues too boot.
-- Michael Favia michael@favias.org tel. 512.585.5650 http://michael.favias.org