[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

On Wed, 2015-09-02 at 08:59 -0400, Marvin Renich wrote:
> * Thorsten Glaser <t.glaser@tarent.de> [150902 07:50]:
> > There is (I just had an epiphany) another possible criterium to apply
> > for to determine what the preferred form of modification is:
>                                            ^ for
>   [Okay, so I'm being pedantic, but this is a common mistake.]
> > Does upstream accept patches for that form?
> I thoroughly and whole-heartedly disagree with this criterion.  As I
> stated in an earlier message, the purpose of the source requirement in
> the DFSG (and GPL, etc.) is not to protect the rights of the persons
> distributing software, but those receiving the software.  There is no
> requirement that changes to the software be returned to upstream; such a
> requirement would violate the dissident and desert island tests¹.
> The source requirement is so that the recipient can make changes if
> desired, and if the changes are redistributed (not passed back to
> upstream), the second-level recipient may also make changes.
> Any test of preferred form for modification must be in terms of how the
> recipient is able to use it, not how the distributor would like it.

My preferred form is a git repository of code written in C, Python, or
some other language I know.  That doesn't mean that a tarball of
Haskell code is non-free!

The preferred form for modification is generally whatever form an
upstream developer will load into a text editor or other interactive
editing tool.

Still, I think there are some exceptions to this.  I used to maintain
the sfc driver in Linux, which has some C header files generated by
script from Verilog or YAML files that aren't published.  In case I
received patches for these headers (usually spelling fixes) I would
make the corresponding change to the unpublished file as well.  I think
that, given the choice, outside developers would still have preferred
editing the C header files, so I was fairly comfortable with this.


> [1] https://people.debian.org/~bap/dfsg-faq.html#testing
Ben Hutchings
Horngren's Observation:
                   Among economists, the real world is often a special case.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: