I believe the blog post below has relevance to Debian's stance on including minified JavaScript in packages: https://zyan.scripts.mit.edu/blog/backdooring-js/ To me the problem suggests that it is important from a security and accountability perspective to 1) include the human-readable source code of JavaScript in Debian packages, and 2) to compile the human-readable source code into a minified code (if required) during package builds, using a JS-minifier that is included in Debian. Thoughts? Before I regarded the problem with minified javascript as a nuisance, but I have changed my mind. /Simon
Attachment:
signature.asc
Description: PGP signature