[development] Drupal's CVS policies... including 'foriegn' code in TinyMCE module?

Johan Forngren johan at forngren.com
Mon May 21 19:44:55 UTC 2007

Exactly, and if we start include external libs; wouldn't it make harder for
users to upgrade the libs? One wet dream for many developers is to control
what version of everything your running. It's possible/likely that we will
face a situation where module maintainers will encourage to use their
shipped version only.

If the users have to fetch the libs from an external source, they will most
likely get the most recent version. But on the other hand, they wont
probably upgrade them after that, even if they keep their modules up to

On 5/21/07, Jeff Eaton <jeff at viapositiva.net> wrote:
> it isn't "very simple;" security patches are just one aspect of issue.
> What about the fact that Drupal, despite its breakneck pace, moves
> SLOWER than some other GPL projects? In those scenarios, we actually
> need to keep an older version for compatibility issues.
> --Jeff
> On May 21, 2007, at 2:08 PM, Karoly Negyesi wrote:
> >> I don't understand what's so inconvenient in allowing external files.
> >
> > It's very simple. When there is a security fix released for the 3rd
> > party code then our repository necessarily will be some time behind
> > -- if the maintainer is sloppy then seriously behind. I do not want
> > Drupal distributing insecure code. Solve this problem and we can
> > move on.

  Johan Forngren :: http://johan.forngren.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20070521/94f8cae2/attachment.htm 

More information about the development mailing list