Re: Security concerns with minified javascript code

On Fri, 28 Aug 2015 10:45:16 +0200
Samuel Thibault <sthibault@debian.org> wrote:

> Vincent Bernat, on Fri 28 Aug 2015 10:06:17 +0200, wrote:
> > Maybe it can be trimmed a bit more, but that's still 239 unique
> > dependencies.
> Note that you don't have to make that 239 Debian packages, you could
> as well just ship them all in one package, as long as the whole code
> passes NEW, i.e. all their copyrights are fine.

Depends how many upstreams are involved and therefore how many release
schedules. Any more than a handful of differing release schedules and
keeping such a beast up to date is impossible.

I still find it hard to believe that *so* much code is required to
minify JS. The excuse that JS is "moving fast" is nonsense. The reality
would appear to be that nobody actually *cares* about the mess, they
just use it.

Why isn't there a KISS tool to do this? Is it all just special
snowflake optimisations for what has to be / should be a simple process
of removing whitespace and collapsing the formatting?

Usable software needs usable tools.

As a likely victim of the result(s) of this discussion, I'm going to
say right now that I'm not the one to write such a tool. :-)


Neil Williams

