[Pkg-javascript-devel] Bug#677619: Bug#677619: libjs-jquery-ui: Please provide pristine copy of upstream minified files too

Jonas Smedegaard dr at jones.dk
Fri Jun 15 18:55:45 UTC 2012 

On 12-06-15 at 02:20pm, Raphaël Hertzog wrote:
> It would be nice if you could also provide the various *.min.js files 
> that upstream does provide.
> 
> I understand that you provide jquery.ui.min.js which includes 
> everything but there are plenty of applications which embed a subset 
> of the various *.min.js files (in my case Wordpress) and it would be 
> nice if we could replace them with a symlink.
> 
> Ideally you would even provide pristine copy of those files so that we 
> can more easily identify when they are really the same files or not 
> (this means that you should not minify them during build unless you 
> have changed the original file as well). This is particularly 
> interesting so that people can use the "deduplicate" command of 
> dh-linktree instead of blindly replacing the files by symlinks.

I agree that all[1] javascript files offered for browser use (i.e. below 
/usr/share/javascript/) should include a minified variant.  I disagree, 
however, that upstream minification should be used, as it raise the risk 
of flaws or mallice passed on unnoticed from upstream to Debian: changes 
to minified files cannot be checked with simple "git diff" as is the 
case for most[2] upstream preferred source formats.

Perhaps dh-linktree could be extended to check against hashes too, and a 
packaging helper tool could be developed to generate lists of 
(alternative) hashes for files shipped with binary packages.


Regards,

 - Jonas


[1] when it makes sense - i.e. not e.g. when file is too small to gain 
any benefit from minification.

[2] at least one project - etoys - use a binary format as preferred 
source format, and for that very reason is placed in non-free even if 
DFSG-free, due to the Debian Security Team judging it too difficult to 
reliably handle eventually security patches for it.

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-javascript-devel/attachments/20120615/a98d4106/attachment.pgp>

More information about the Pkg-javascript-devel mailing list