I was thinking about this.

Actually, many files are text files and could be considered as sources
files (excluding minified files which are obviously generated).

But many of them contains the same thing:
- javascript code:
- js files meant to be used with node.js [0]
- js files for svg webfont [1]
- glyph data (shape paths):
- single svg containing all glyphs [2]
- multiple svg containing only one glyph each [3]
- glyphs metadata contain glyph svg in a "raw" field [4]
- js files for node.js contains glyph path data [5]
- typescript files (*.d.ts) for node.js seem to be all the same, see 2
examples:
[6], [7]
- advanced-options/use-with-node-js/fontawesome-free/ [8] folder seems
to contain many files also in web-fonts-with-css/ [9] and in
advanced-options/use-with-node-js/fontawesome-free-webfonts/ [10]
- [11] and [12] seems to be the same (beside the version in comments)
- There are multiple fonts format (otf, ttf, woff2, ...), by reading
trough issues on github, it seems that there are all generated from the
.otf ones, but using an online website ([13])
- There are also svg files containing all glyphs along with webfonts
[14], maybe same as [2]

There are probably other files duplicated.

All files are just text files that can be patched easily beside fonts
and .min.* files.
I mean, there are not opaque binaries that can't be patched without
specialized tools and knowledge.

But one issue in one of them will probably require modification in some
other files too.

This can be OK though ("just" a maintenance burden to remember that a
bug might span multiple files)
Not sure what to think about generated webfonts.

At least, minified files can be regenerated at package build time with
known tools that does this (maybe upstream can help to use the same tool
as them)

I also think of the many potential reverse dependencies once
python3-sphinx will move to font awesome 5. It would be great to have
font awesome 5 in main avoiding them to move to contrib.



Keeping minified files appart, given the nature of generated files
(either correctly indented files or font files), I'm leaning toward
Simon's way to think about this.

What do you think Walter ?

Thanks
[0]
https://github.com/FortAwesome/Font-Awesome/blob/master/advanced-options/use-with-node-js/fontawesome/index.js
[1]
https://github.com/FortAwesome/Font-Awesome/blob/master/svg-with-js/js/fontawesome.js

[2]
https://github.com/FortAwesome/Font-Awesome/blob/master/advanced-options/svg-sprites/fa-solid.svg
[3]
https://raw.githubusercontent.com/FortAwesome/Font-Awesome/master/advanced-options/raw-svg/solid/address-book.svg
[4]
https://raw.githubusercontent.com/FortAwesome/Font-Awesome/master/advanced-options/metadata/icons.json
[5]
https://github.com/FortAwesome/Font-Awesome/blob/master/advanced-options/use-with-node-js/fontawesome-free-solid/faAddressBook.js

[6]
https://github.com/FortAwesome/Font-Awesome/blob/master/advanced-options/use-with-node-js/fontawesome-free-solid/faAddressBook.d.ts
[7]
https://github.com/FortAwesome/Font-Awesome/blob/master/advanced-options/use-with-node-js/fontawesome-free-solid/faAddressCard.d.ts

[8]
https://github.com/FortAwesome/Font-Awesome/tree/master/advanced-options/use-with-node-js/fontawesome-free
[9]
https://github.com/FortAwesome/Font-Awesome/tree/master/web-fonts-with-css
[10]
https://github.com/FortAwesome/Font-Awesome/tree/master/advanced-options/use-with-node-js/fontawesome-free-webfonts

[11]
https://github.com/FortAwesome/Font-Awesome/blob/master/advanced-options/use-with-node-js/fontawesome-svg-core/styles.css
[12]
https://github.com/FortAwesome/Font-Awesome/blob/master/advanced-options/use-with-node-js/fontawesome/styles.css

[13] https://www.fontsquirrel.com/tools/webfont-generator

[14]
https://raw.githubusercontent.com/FortAwesome/Font-Awesome/master/web-fonts-with-css/webfonts/fa-solid-900.svg

I agree with Ian on this; build systems can have extra code in them that we may need (e.g., a build system that generates new files for a given computer that are then compiled into the final executable). They aren't optional, not in Free software.

My personal rule of thumb is that if a human being generated the file, then we need that file. Anything that is generated from human generated files (e.g., the icon that was generated from the GIMP file, or the executable from the original source files), doesn't need to be included.
Moreover, where do we draw the line? I've written code generators before that generate VAST amounts of highly optimized code (think on the order of a million lines of C code in one file). I could create a project where I open source the generated code, but keep the code generator to myself. At that point, there is no simple method of checking the file; I might have hand-edited a few of the generated functions to do something 'extra'. If you had the code generator in hand, you could check it, then compare its output against the file I supply to see if there are any differences. The important thing here is that one human being is approximately equal to another human being in terms of level of effort required to generate or check material; if someone else had access to my code generator, it would take them approximately as long to check it as it took me to write it, so my ability to hide anything nefarious is dramatically limited[1].

So, I vote for requiring the build files **and anything else created by a human** before accepting it as open source.

Thanks,
Cem Karan

[1] Yes, you can do some really, really clever things to obfuscate what you're doing; witness The International Obfuscated C Code Contest (https://www.ioccc.org/), or The Underhanded C Contest (http://www.underhanded-c.org/). However, you can't do the equivalent of a DOS attack on all people that are checking your code; I believe that the time to check human generated code versus create it is O(1) (although the constant that is hidden in there may be high). A computer can generate infinite amounts of code in relation to the amount of input. At that point, no human checker (or even team of checkers) can verify the output.