Re: Security concerns with minified javascript code

To: debian-devel@lists.debian.org
Subject: Re: Security concerns with minified javascript code
From: Dmitry Smirnov <onlyjob@debian.org>
Date: Fri, 28 Aug 2015 19:31:42 +1000
Message-id: <[🔎] 1460523.0ys4lGIrdV@deblab>
In-reply-to: <[🔎] 87wpwk7vgy.fsf@latte.josefsson.org>
References: <[🔎] 87wpwk7vgy.fsf@latte.josefsson.org>

On Monday 24 August 2015 13:54:21 Simon Josefsson wrote:
> I believe the blog post below has relevance to Debian's stance on
> including minified JavaScript in packages:
> 
> https://zyan.scripts.mit.edu/blog/backdooring-js/

Thank you for a nice argument against minification.

During packaging I already had to articulate some reasons against 
minification to several upstreams so I've decided to write a quick summary of 
my reasons against minification in wiki:

    https://wiki.debian.org/onlyjob/no-minification

Once improved, I hope this summary might be considered for inclusion into 
UpstreamGuide or to be used as a reference for discouraging such practice.

-- 
Regards,
 Dmitry Smirnov.

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: Security concerns with minified javascript code
  - From: Simon Josefsson <simon@josefsson.org>

References:
- Security concerns with minified javascript code
  - From: Simon Josefsson <simon@josefsson.org>

Prev by Date: Bug#797173: ITP: r-cran-estimability -- GNU R package providing tools for determining estimability of linear functions
Next by Date: Re: Security concerns with minified javascript code
Previous by thread: Re: Security concerns with minified javascript code
Next by thread: Re: Security concerns with minified javascript code
Index(es):
- Date
- Thread