
Re: Security concerns with minified javascript code



 ❦ 25 August 2015 16:04 +0200, Jakub Wilk <jwilk@debian.org>:

>>> I believe the blog post below has relevance to Debian's stance on
>>> including minified JavaScript in packages:
>>>
>>> https://zyan.scripts.mit.edu/blog/backdooring-js/
>>>
>>> To me the problem suggests that it is important from a security and
>>> accountability perspective to 1) include the human-readable source
>>> code of JavaScript in Debian packages, and 2) to compile the
>>> human-readable source code into a minified code (if required)
>>> during package builds, using a JS-minifier that is included in
>>> Debian.
>>> Thoughts?
>>
>> This is anyway mandatory in Debian,
>
> Do we actually require re-minifying JS code at build time?

No, we don't require rebuilding everything from source. It should just
be possible to do it with what is in main. The last occurrence that I
can find of this discussion is here:
 https://lists.debian.org/debian-devel/2014/11/msg00929.html
-- 
Test input for validity and plausibility.
            - The Elements of Programming Style (Kernighan & Plauger)
