| ▲ | cygx an hour ago | |||||||
it's far from a given that the tools (e.g. browsers) used to read it are safe from malicious documentation files Generated HTML files are potentially easier to audit than the scripts/toolchains used to generate them on an end user's machine if you do not pre-generate them. Off the top of my head, other things I've done is committing RELAX NG *.rnc files, but shipping *.rng files, or generating C header files for various types of data (think `xxd -i` in case of binary files, but also just large chunks of plain text that gets wrapped into a C string). | ||||||||
| ▲ | g-b-r an hour ago | parent [-] | |||||||
Hmm, potentially, the problem is that hardly anyone ever audits packages, while at least someone occasionally gives a look at a repository history Can't the things you list be part of the build scripts? | ||||||||
| ||||||||