1) For dealing with non-source files see ยง4.16. 2) The script calls https://www.google-analytics.com/analytics.js which is a privacy breach. I do not know the Policy section which applies to this but it is certainly a violation of the social contract, which says: "Our priorities are our users and free software".
You should really have a look at the lintian output. There are more privacy-breach-generic tagged errors in the quill files. Those should be addressed as well.
