At Fri, 25 Apr 2014 14:58:35 +0200, Daniel Pocock wrote: > There is no doubt in my mind that if the rules are not strict then > sooner or later somebody will sneak something bad into some minified > Javascript - maybe it will happen upstream and the DD won't even be > aware of it.
Yes, and that's why javascript shipped in binary packages should be build from source and we should not copy minified javascript files from upstream. I think there isn't much disagreement about that part. But if the minified javascript files in the upstream tarball aren't used when building the binary packages because the javascript libraries are already packaged in Debian, then it isn't possible that something bad sneaks in our packages. So why repack the upstream tarball? I don't really see any value in repacking every upstream tarball that has a minified copy of jQuery. Kind regards, Jeroen Dekkers -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/87mwf9bh4i.wl%jer...@dekkers.ch