Pau Garcia i Quiles <firstname.lastname@example.org> writes:
> On Sun, Aug 19, 2012 at 8:10 PM, Simon Josefsson <email@example.com> wrote:
>>> As for
>>> verification, having the source next to the minified version does not
>>> guarantee anything about the minified version, all the more that we
>>> don't have currently in Debian Wheezy a reliable minifier.
>> That seems problematic -- so even if the source is shipped, there is no
>> way to re-build the minified file?
> It really depends on using exactly the same version of the same
> minifier with exactly the same parameters (which you may not know) and
> even then you cannot be sure, e. g. a minifier may use generate
> shortened variable names randomly.
I believe differences like that are not important, compare how gcc
generate different binaries each time depending on parameters etc.
However, if a minified file is shipped that cannot be re-created at all
(due to no minifier) I don't think shipping source for the file is the
only problem. Both source code and the tools needed to generate output
forms is needed for users to be able to use a modified version of the