Ben Finney <> writes:

> There is a method for [ensuring that every Debian release of the
> source package ships no files without corresponding source]:
> Don't distribute the minified file from upstream; instead, distribute
> only the source form of the work, and compile a minified file during
> the build of the binary package.
> What other method do you propose for keeping our promise in the Social
> Contract? Does it meet that promise with as much certainty as the method
> I propose above?

Emilien Klein <> writes:

> 2014-03-28 0:28 GMT+01:00 Ben Finney <>:
> > Emilien Klein <> writes:
> >
> >> Let's take the example of jquery-lazyload [0].
> >>
> >> Both these files are provided in the upstream tarball:
> >> - jquery.lazyload.js
> >> - jquery.lazyload.min.js
> >>
> >> With the second one being the minified form of the first one.
> >
> > How will you guarantee that ‘jquery.lazyload.js’ is the corresponding
> > source for the file ‘jquery.lazyload.min.js’? How will you guarantee
> > that holds true every time a new version is released upstream?
> As we can't make sure we're minimizing the file exactly the same way
> upstream does, would comparing doubly-minified files work (I need to
> try, but no suitable computer had hand just now): […]
> Validation check:
> If File D and File E are equal, then we can assure file B was minified
> from file A by upstream.
> I'll try this out for lazyload and report back.
> Should the check fail, the package does not build (and then we
> repackage). Recheck by next package to see if repackageing is still
> necessary.

This is significantly more complex and more prone to false positives,
than simply dropping the non-source files from the source package, as I

> I feel there is more value in shipping the upstream tarball (if we can
> assure the minified file comes from the supplied source), as
> repackaging is an extra step that could theoretically go wrong.

I think you're engaging in wishful thinking. The process you propose has
more steps to go wrong, and more points of potential error, than simply
dropping the non-source files from the source package.

 \         “If nature has made any one thing less susceptible than all |
  `\    others of exclusive property, it is the action of the thinking |
_o__)                          power called an idea” —Thomas Jefferson |
Ben Finney

Pkg-javascript-devel mailing list

Reply via email to