Re: Security concerns with minified javascript code

[Jakub Wilk <jwilk@debian.org>]

* Ian Jackson <ijackson@chiark.greenend.org.uk>, 2015-08-25, 19:08:
> Not regenerating configure doesn't pose any significant risk that we're 
> shipping a configure script that we can't regenerate (or, at least, 
> regenerate an equivalent or better one).

Autotools stuff tends to bitrot, just like everything else. There's a 
reason we have 4(+1) versions of autoconf and two versions of automake 
in jessie.

> I've not heard of people (for example) using private autoconf macros 
> not included in their build tree.

#580190

--
Jakub Wilk