[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

 ❦  3 septembre 2015 13:19 -0700, Nikolaus Rath <Nikolaus@rath.org> :

>>> Because you know you have the right and the ability to be a part of the free
>>> software community that created the software.  That is why you are running
>>> Debian and don't have contrib or non-free in your sources.list.
>>> From your mails it is clear that you don't care much about that.
>> Repeating that in each of your email is quite hostile. Please stop
>> saying that I don't care. I care. I just don't agree with you.
> As a (mostly) passive observer of this thread, I have to agree with Bas
> that what you're saying (and what not saying) in your other emails does
> seem to imply that you don't care.
> (And why is it hostile to say that someone doesn't care about something?
> I don't care about a lot of things, and I wouldn't consider it hostile
> for people to point that out).

It's hostile because it depicts as someone that shouldn't be a DD
(because we abided [abode?] to the social contract).

> Can you maybe clarify which of the following statements you don't agree with?
> 1. Minified javascript isn't source

I agree, minified JS isn't source.

> 2. Many javascript packages cannot be build from source with the tools
>    in main.

This is the one I don't agree. For me, pre-minification source is source
code. If you show the pre-minification version of jQuery, many people
will believe this is a valid source code (original comments, variable
names and indentation are here).

> 3. Software that cannot be build from source with the tools in main
>    must not go in main but into contrib

I agree. And doing from pre-minification source to minified source is
possible with the tools in main (uglifyjs or yui-compressor).
Avoid multiple exits from loops.
            - The Elements of Programming Style (Kernighan & Plauger)

Attachment: signature.asc
Description: PGP signature

Reply to: