[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

On 08/24/2015 01:54 PM, Simon Josefsson wrote:
> I believe the blog post below has relevance to Debian's stance on
> including minified JavaScript in packages:
> https://zyan.scripts.mit.edu/blog/backdooring-js/
> To me the problem suggests that it is important from a security and
> accountability perspective to 1) include the human-readable source code
> of JavaScript in Debian packages, and 2) to compile the human-readable
> source code into a minified code (if required) during package builds,
> using a JS-minifier that is included in Debian.
> Thoughts?

This is anyway mandatory in Debian, so if you find a package who's not
doing this, please file an RC bug.


Reply to: