Raphael Hertzog <hert...@debian.org> writes: > On Mon, 31 Aug 2015, Simon Josefsson wrote: >> How would someone rebuild the minified javascript files from the >> missing-sources files? > > They would not? > > The modified non-minified files are perfectly usable even if they are a > bit larger than the minified ones. > >> The included JavaScript file is minified and thus not readily >> modifiable, but source code exists in debian/missing-sources/ >> directory and can be rebuilt into the minified version by doing X. > > ...and can be installed over the minified files if you actually need to make > changes in those files.
Okay, documenting that seems like a good idea -- if there is a security problem in the minified generated javascript files (the proof-of-concept that started this thread indicated that is possible), I'm sure we would want to be able to replace them in a security update. However I suspect that any security updates will more likely replace the buggy minified javascript with a fixed minified javascript file (taken From upstream, generated using some unpackaged compiler), so I'm not convinced that our shipped source code for this is ever useful if it is not used to build the minified javascript that we ship. /Simon
signature.asc
Description: PGP signature
