Re: Security concerns with minified javascript code

To: debian-devel@lists.debian.org
Subject: Re: Security concerns with minified javascript code
From: Thorsten Glaser <t.glaser@tarent.de>
Date: Wed, 2 Sep 2015 11:49:11 +0000 (UTC)
Message-id: <[🔎] loom.20150902T134758-207@post.gmane.org>
References: <m36140otnx.fsf@neo.luffy.cx> <[🔎] 87wpwai2ri.fsf@thinkpad.rath.org> <[🔎] 87bndm87gd.fsf@zoro.exoscale.ch> <[🔎] 32027870.eszcDKyeSS@odyx.org> <[🔎] m337yyylr4.fsf@neo.luffy.cx>

Vincent Bernat <bernat <at> debian.org> writes:

>  2. Upstream may generate the final pre-minification file with complex
>     tools, like an AMD loader or an ES6/ES5 transpiler, along with the
>     use of non-packaged build tools like Grunt.

> problem. For the second one, a solution would be to consider the
> pre-minification JS code to be perfectly valid source code
> (indentations, comments, variable names, everything is here).

There is (I just had an epiphany) another possible criterium to apply
for to determine what the preferred form of modification is:

Does upstream accept patches for that form?

(The Perl configure script discussion also comes into play, here.)

bye,
//mirabilos

Reply to:

Follow-Ups:
- Re: Security concerns with minified javascript code
  - From: Marvin Renich <mrvn@renich.org>

References:
- Re: Security concerns with minified javascript code
  - From: Nikolaus Rath <Nikolaus@rath.org>
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>
- Re: Security concerns with minified javascript code
  - From: Didier 'OdyX' Raboud <odyx@debian.org>
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>

Prev by Date: Re: Security concerns with minified javascript code
Next by Date: Re: Security concerns with minified javascript code
Previous by thread: Re: Security concerns with minified javascript code
Next by thread: Re: Security concerns with minified javascript code
Index(es):
- Date
- Thread