
Re: Security concerns with minified javascript code



 ❦  1 September 2015 21:10 +0200, Didier 'OdyX' Raboud <odyx@debian.org> :

> I think we should take a strong move there and exercise (as well as 
> justify to the outer world) our free software right to recompile the 
> software that we ship to our users: this could mean to only merge & gzip 
> JS files if minifying isn't realistic [3]. Not doing so _is_ going to 
> hurt our ability to exercise our freedoms in the future, it's also 
> doing a disservice to our users.

It seems this thread has shed too many tears and is too much focused on
minification. The minification step is usually easy. We have
yui-compressor (that nobody uses upstream, hence the small risk of using
it) and uglifyjs (but a version vulnerable to the attack at the origin
of this thread). What's difficult is to get the code to be modified from
the original source. There are two difficulties:

 1. Upstream may not ship this source but only the minified version
    because the JS code is just a dependency and some upstreams are used
    to just shipping the minified source. We can recover the original code
    from another source but there is a risk that this is not really the
    original code because many JS projects have a modular build (jQuery,
    modernizr, ...). This is what Raphael is explaining for Wordpress (I
    think).

 2. Upstream may generate the final pre-minification file with complex
    tools, like an AMD loader or an ES6/ES5 transpiler, along with the
    use of non-packaged build tools like Grunt.

Unfortunately, I don't have an immediate solution for the first
problem. For the second one, a solution would be to consider the
pre-minification JS code to be perfectly valid source code
(indentations, comments, variable names, everything is here).
-- 
Don't compare floating point numbers just for equality.
            - The Elements of Programming Style (Kernighan & Plauger)
