
Re: is it a DFSG breach or not?



On Sat, 24 Jan 2009 22:23:33 +0300
"Dmitry E. Oboukhov" <unera@debian.org> wrote:

> I am asked to act as a sponsor of phpunit [*] package. However there's
> a situation that needs advice. There's JS in the package that was
> run through the filter which deletes comments and spaces. In fact it is
> like JavaScript passed through an obfuscator.

Is this the file:
<script type="text/javascript"
src="http://yui.yahooapis.com/2.6.0/build/yahoo-dom-event/yahoo-dom-event.js"></script>
?

If so, it's ugly, yes, but the lack of comments doesn't render the file
as "without source". The variable-name substitution to nearly only
single character names certainly makes maintenance into a problem but
that isn't necessarily non-free either.

Doing a simple s/;/;\n/ produces some 900 lines.
 
> I suggested to maintainer to replace this JS by the JS source and use the
> filter (if it is necessary) in the moment of fulfilling debian/rules.
> 
> However it seems that there's no source of this JS in public access, though
> JS itself is distributed by BSD license.

But what do you mean about source for this Javascript? Do you only mean
the comments or obtaining some kind of idea about what the abbreviated
variable names were originally called? It may well be preferable for
ongoing maintenance (IMHO an important bug) and security implications.

> JS is an interpreted language, _theoretically_ it is possible to
> _restore_ the source, but if following DFSG then in fact the source is not
> included into archive. This is a bug of the Serious level (at least for
> Debian/main).
> 
> Am I right? Please help me to make a decision: what is better to do?
> 
> 1. to become a sponsor of the package
> 2. to post Serious bugs to [1] [2] [3] [*] packages
> 3. to move the package to non-free (there's no source)

How can you do [3] without also doing [2] if that is how you view the
problem?

Personally, I'd see what the security team think about this Javascript
and the probable difficulties in fixing any bugs that may appear within
it.

-- 


Neil Williams
=============
http://www.data-freedom.org/
http://www.linux.codehelp.co.uk/
http://e-mail.is-not-s.ms/
