On 25/04/14 02:16, Manuel A. Fernandez Montecelo wrote: > > I don't think that we should go and do the tedious work of repack > thousands of > packages because of this, with no real benefit in terms of freedom (or > any > other) for our users -- provided that we depend and link to the canonical > versions in the binary packages. >
That is exactly why there is a GSoC project this year that involves pro-actively and automatically creating repackaged upstream tarballs - the focus is on Java, but some of these solutions can be generalized http://danielpocock.com/automatically-creating-repackaged-upstream-tarballs-for-debian so that DDs can just grab a clean tarball to work with whenever they need to, automatically see a summary of new or changed non-free files between upstream tags, etc There is no doubt in my mind that if the rules are not strict then sooner or later somebody will sneak something bad into some minified Javascript - maybe it will happen upstream and the DD won't even be aware of it. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/535a5bfb.7070...@pocock.pro