Re: Security concerns with minified javascript code

To: Dmitry Smirnov <onlyjob@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Security concerns with minified javascript code
From: Simon Josefsson <simon@josefsson.org>
Date: Fri, 28 Aug 2015 12:56:48 +0200
Message-id: <[🔎] 87k2sf65qn.fsf@latte.josefsson.org>
In-reply-to: <[🔎] 1460523.0ys4lGIrdV@deblab> (Dmitry Smirnov's message of "Fri, 28 Aug 2015 19:31:42 +1000")
References: <[🔎] 87wpwk7vgy.fsf@latte.josefsson.org> <[🔎] 1460523.0ys4lGIrdV@deblab>

Dmitry Smirnov <onlyjob@debian.org> writes:

> On Monday 24 August 2015 13:54:21 Simon Josefsson wrote:
>> I believe the blog post below has relevance to Debian's stance on
>> including minified JavaScript in packages:
>> 
>> https://zyan.scripts.mit.edu/blog/backdooring-js/
>
> Thank you for a nice argument against minification.
>
> During packaging I already had to articulate some reasons against 
> minification to several upstreams so I've decided to write a quick summary of 
> my reasons against minification in wiki:
>
>     https://wiki.debian.org/onlyjob/no-minification
>
> Once improved, I hope this summary might be considered for inclusion into 
> UpstreamGuide or to be used as a reference for discouraging such practice.

Nice writeup, thank you!

/Simon

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Security concerns with minified javascript code
  - From: Simon Josefsson <simon@josefsson.org>
- Re: Security concerns with minified javascript code
  - From: Dmitry Smirnov <onlyjob@debian.org>

Prev by Date: Re: Security concerns with minified javascript code
Next by Date: Bug#797202: ITP: r-cran-elliptic -- GNU R package providing elliptic and related functions
Previous by thread: Re: Security concerns with minified javascript code
Next by thread: Bits from Perl maintainers
Index(es):
- Date
- Thread