[development] Drupal's CVS policies... including 'foriegn' code in TinyMCE module?

Michael Favia michael at favias.org
Thu May 24 05:03:08 UTC 2007

Scott McLewin wrote:
> Michelle Cox wrote:
>> On 5/23/2007 7:27:59 AM, Scott McLewin (drupal at mclewin.com) wrote:
>>> When third party libraries become popular they benefit from a move into
>>> core, like jQuery did, and at that point they become the responsibility
>> You make it sound like this is a common occurrence. As far as I know, 
>> jQuery was a special case, and it's highly unlikely that, say, 
>> TinyMCE would become part of core.
> I cannot speak to the frequency.  As Drupal's popularity increases, I 
> do believe we will see more incorporation of third party libraries in 
> contrib modules, and as I wrote earlier today (in my time zone) I 
> think managing a common version of those third party libraries within 
> core for modules to share is indeed added work for the core maintainers.
> I don't buy Karoly's security argument as the driving reason for why 
> we have a problem with this 'foreign' code, but I do believe we have a 
> looming problem with the management of third party libraries.  I'll be 
> pleased to be wrong on this point.
Perhaps to address this concern, we could create a dedicated module that 
simply provides the third party library in question and little or no 
additional functionality as required by drupal. The the modules that 
depend on it can do just that in the info files. Avoids duplication and 
centralizes the management and ability to audit for security issues too 

Michael Favia                   michael at favias.org
tel. 512.585.5650        http://michael.favias.org

More information about the development mailing list