[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

On Sep 01 2015, Helmut Grohne <helmut@subdivi.de> wrote:
> On Tue, Sep 01, 2015 at 08:15:19AM +0200, Guido Günther wrote:
>> Couldn't we just use the non-minified versions in most situations? A
>> heavily loaded wordpress site might not be good example but e.g. doxygen
>> documentation probably doesn't suffer much from non minified JS.
> I fail to see what problem that would solve here. The minification
> happens on Debian's buildds using tools from main. What would we gain by
> not doing it?

We would ensure that the shipped sources actually work. If you ship the
source, but the package is not using it (but the minified version that
was obtained by other means), experience has shown that the shipped
tends to get out-of-sync or otherwise useless.

GPG encrypted emails preferred. Key id: 0xD113FCAC3C4E599F
Fingerprint: ED31 791B 2C5C 1613 AF38 8B8A D113 FCAC 3C4E 599F

             »Time flies like an arrow, fruit flies like a Banana.«

Reply to: