On Mon, Jul 11, 2016 at 12:06:57PM +0530, Pirate Praveen wrote: > Hi, > > There is a bug with severity serious filed against libjs-handlebars [1] > (it is also a bug in ruby-handlebars-assets). > > The corresponding source code is present in libjs-handlebars (only in > experimental right now, but it could be reuploaded to unstable once I > have clarity). > > It needs grunt to be packaged [2] to be able to browserify it in debian.
Note that this is not necessarily true. In theory, jQuery should require Grunt as well, but I was able to mimic the original build process without using Grunt. It took me a few hours, I would say, but it was way easier than packaging the gazillion dependencies needed to have Grunt itself. The source package contains exactly the source upstream uses for development, and the files shipped in the binary package match exactly what upstream distributes as pre-compiled, modulo whitespace. I even automated testing that this is the case as an autopkgtest test.
signature.asc
Description: PGP signature
