Re: Security concerns with minified javascript code

To: debian-devel@lists.debian.org
Subject: Re: Security concerns with minified javascript code
From: Samuel Thibault <sthibault@debian.org>
Date: Fri, 28 Aug 2015 11:03:52 +0200
Message-id: <[🔎] 20150828090352.GA2732@var.bordeaux.inria.fr>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87a8tber37.fsf@zoro.exoscale.ch>
References: <[🔎] 20150828082914.GR2641@var.home> <[🔎] 87a8tber37.fsf@zoro.exoscale.ch>

Vincent Bernat, le Fri 28 Aug 2015 10:48:28 +0200, a écrit :
>  ❦ 28 août 2015 10:29 +0200, Samuel Thibault <sthibault@debian.org> :
> 
> >> What will happen is that maintainers will fallback to the second less
> >> horrible solution and cripple the package (by using an older version of
> >> the JS lib for example) to allow it to stay in main.
> >
> > Why would they want to stay in main?

Ergl, I meant to drop that one sentence, and forgot to before sending.

> [...]
> 
> > I had the same issue with loadlin: it could only be built on MS-DOS with
> > the proprietary tasm, and thus got #356055. I thus extended the free
> > yasm to recognized the tasm syntax, and patched loadlin a bit to remove
> > some extensions which were hard to implement in yasm but easy to replace
> > in loadlin.
> >
> > Then it could stay in main.
> 
> Here is why.

And so they should work on making it happen, just like I did.

Samuel

Reply to:

References:
- Re: Security concerns with minified javascript code
  - From: Samuel Thibault <sthibault@debian.org>
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>

Prev by Date: Re: Security concerns with minified javascript code
Next by Date: Bug#797173: ITP: r-cran-estimability -- GNU R package providing tools for determining estimability of linear functions
Previous by thread: Re: Security concerns with minified javascript code
Next by thread: Re: Security concerns with minified javascript code
Index(es):
- Date
- Thread