[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

* Thorsten Glaser <t.glaser@tarent.de> [150902 07:50]:
> There is (I just had an epiphany) another possible criterium to apply
> for to determine what the preferred form of modification is:
                                           ^ for
  [Okay, so I'm being pedantic, but this is a common mistake.]

> Does upstream accept patches for that form?

I thoroughly and whole-heartedly disagree with this criterion.  As I
stated in an earlier message, the purpose of the source requirement in
the DFSG (and GPL, etc.) is not to protect the rights of the persons
distributing software, but those receiving the software.  There is no
requirement that changes to the software be returned to upstream; such a
requirement would violate the dissident and desert island tests¹.

The source requirement is so that the recipient can make changes if
desired, and if the changes are redistributed (not passed back to
upstream), the second-level recipient may also make changes.

Any test of preferred form for modification must be in terms of how the
recipient is able to use it, not how the distributor would like it.


[1] https://people.debian.org/~bap/dfsg-faq.html#testing

Reply to: