Re: Security concerns with minified javascript code

> On Mon, Aug 31, 2015 at 11:21:55AM -0400, Marvin Renich wrote:
> > * Bas Wijnen <wijnen@debian.org> [150830 07:53]:
> > > On Sun, Aug 30, 2015 at 10:14:13AM +0200, Vincent Bernat wrote:
> > > > Is that the preferred form of modification? It depends, but from the
> > > > jQuery author's point of view, it isn't:
> > > 
> > > Then it isn't.
> > 
> > I take exception to this.
> I agree with your point.  What I meant to say is that what upstream actually
> uses for modifying the work is what we should use as source.  That may change
> if upstream changes, and it may not be a clear definition anyway if upstream
> consists of multiple people and they have different ideas about it.  But most
> of the time this is very clear; if you send a patch and they say "that's not
> the file I use for editing", then it's not the source.

Okay, in general what upstream uses (if it satisfies Debian's definition
of source) is what we should try to use if we don't have a reason to do
otherwise, but not doing so does not violate the DFSG.  That is not the
purpose of the DFSG requiring source.  The purpose is so that
downstreams can fork, using their own repositories and distribution
mechanisms, and perhaps different mandatory coding styles for acceptance
into their repos.  And then a downstream of a first-level downstream can
do the same.

Perhaps one downstream likes to refactor to decrease the total number of
files, and another likes to decrease the average number of lines per
file.  Both are still valid DFSG-compliant source.

> > Also note that the phrase "preferred form of the work for making
> > modifications to it" comes from the GPL, not from the DFSG.
> True, but we don't have a definition ourselves, and there seems to be consensus
> that this is a good one.


