Re: Security concerns with minified javascript code
On 08/24/2015 01:54 PM, Simon Josefsson wrote:
> I believe the blog post below has relevance to Debian's stance on
> including minified JavaScript in packages:
>
> https://zyan.scripts.mit.edu/blog/backdooring-js/
>
> To me the problem suggests that it is important from a security and
> accountability perspective to 1) include the human-readable source code
> of JavaScript in Debian packages, and 2) to compile the human-readable
> source code into a minified code (if required) during package builds,
> using a JS-minifier that is included in Debian.
>
> Thoughts?
This is anyway mandatory in Debian, so if you find a package who's not
doing this, please file an RC bug.
Thomas
Reply to: