[Pkg-javascript-devel] Bug#677619: Bug#677619: libjs-jquery-ui: Please provide pristine copy of upstream minified files too
Raphael Hertzog
hertzog at debian.org
Fri Jun 15 19:28:00 UTC 2012
On Fri, 15 Jun 2012, Jonas Smedegaard wrote:
> I agree that all[1] javascript files offered for browser use (i.e. below
> /usr/share/javascript/) should include a minified variant. I disagree,
> however, that upstream minification should be used, as it raise the risk
> of flaws or mallice passed on unnoticed from upstream to Debian: changes
> to minified files cannot be checked with simple "git diff" as is the
> case for most[2] upstream preferred source formats.
Right. At least it would be nice to use the same minifier tool than
upstream in the hope to generate the same minified file then.
> Perhaps dh-linktree could be extended to check against hashes too, and a
> packaging helper tool could be developed to generate lists of
> (alternative) hashes for files shipped with binary packages.
Can you elaborate?
How would you generate those hashes?
Would you try to minify the original file with all the possible
minifiers and store the list of hashes?
Cheers,
--
Raphaël Hertzog ◈ Debian Developer
Get the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/
More information about the Pkg-javascript-devel
mailing list