[development] Drupal's CVS policies... including 'foriegn' code in TinyMCE module?
Michael Favia
michael at favias.org
Thu May 24 05:03:08 UTC 2007
Scott McLewin wrote:
> Michelle Cox wrote:
>>
>> On 5/23/2007 7:27:59 AM, Scott McLewin (drupal at mclewin.com) wrote:
>>> When third party libraries become popular they benefit from a move into
>>> core, like jQuery did, and at that point they become the responsibility
>>
>> You make it sound like this is a common occurrence. As far as I know,
>> jQuery was a special case, and it's highly unlikely that, say,
>> TinyMCE would become part of core.
>>
> I cannot speak to the frequency. As Drupal's popularity increases, I
> do believe we will see more incorporation of third party libraries in
> contrib modules, and as I wrote earlier today (in my time zone) I
> think managing a common version of those third party libraries within
> core for modules to share is indeed added work for the core maintainers.
>
> I don't buy Karoly's security argument as the driving reason for why
> we have a problem with this 'foreign' code, but I do believe we have a
> looming problem with the management of third party libraries. I'll be
> pleased to be wrong on this point.
Perhaps to address this concern, we could create a dedicated module that
simply provides the third party library in question and little or no
additional functionality as required by drupal. The the modules that
depend on it can do just that in the info files. Avoids duplication and
centralizes the management and ability to audit for security issues too
boot.
--
Michael Favia michael at favias.org
tel. 512.585.5650 http://michael.favias.org
More information about the development
mailing list