On 08/24/2015 01:54 PM, Simon Josefsson wrote: > I believe the blog post below has relevance to Debian's stance on > including minified JavaScript in packages: > > https://zyan.scripts.mit.edu/blog/backdooring-js/ > > To me the problem suggests that it is important from a security and > accountability perspective to 1) include the human-readable source code > of JavaScript in Debian packages, and 2) to compile the human-readable > source code into a minified code (if required) during package builds, > using a JS-minifier that is included in Debian. > > Thoughts?
This is anyway mandatory in Debian, so if you find a package who's not doing this, please file an RC bug. Thomas
