Re: [MoM] Minified JS and other things
Hi Emilien,
On Fri, Jun 20, 2014 at 02:36:01PM +0200, Emilien Klein wrote:
> at package build time remove the
> upstream-provided files and instead use the ones from the Debian
> package.
The recent discussion at debian-devel@l.d.o had some quite strong
arguments to remove the files right in the *source* (using
Files-Excluded) and not at package build time. There is no written
policy yet but I understood this as a rough consensus.
> It's a bit more upfront packaging work, but it provides increased
> security: if an issue is found in e.g. jQuery, you just need to update
> the jQuery Debian package once, and all packages that use it are
> automatically fixed. If you don't do that, you need to audit all
> Debian packages to find embedded copies of jQuery, and update all
> these packages.
+1
Kind regards
Andreas.
--
http://fam-tille.de
Reply to: