Re: Security concerns with minified javascript code

To: debian-devel@lists.debian.org
Subject: Re: Security concerns with minified javascript code
From: Bas Wijnen <wijnen@debian.org>
Date: Sun, 30 Aug 2015 20:36:16 +0000
Message-id: <[🔎] 20150830203616.GU16029@spark.dtdns.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] m3io7x2cw4.fsf@neo.luffy.cx>
References: <[🔎] 20150825175820.GF16029@spark.dtdns.net> <[🔎] 87y4gzm5qs.fsf@zoro.exoscale.ch> <[🔎] 20150825223741.GH16029@spark.dtdns.net> <[🔎] 87d1yamx2y.fsf@zoro.exoscale.ch> <[🔎] 20150827220443.GJ16029@spark.dtdns.net> <[🔎] m36140otnx.fsf@neo.luffy.cx> <[🔎] 20150830021249.GA9269@virgil.dodds.net> <[🔎] m3a8t942i2.fsf@neo.luffy.cx> <[🔎] 20150830115237.GR16029@spark.dtdns.net> <[🔎] m3io7x2cw4.fsf@neo.luffy.cx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sun, Aug 30, 2015 at 02:12:43PM +0200, Vincent Bernat wrote:
> This is becoming quite a stretch. At this rate, we will fail to match
> SC#2 because we ship previous versions of software and upstream is
> unlikely to accept a patch against a non-current version.

So you do not care if we (or our users) can send patches upstream in a good
way, you do not care if source is provided, and you do not care if a compiler
is in main.

Why do you care that software is in main, if you evidently do not care about
any of the rules we have for it?

Thanks,
Bas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJV42k/AAoJEJzRfVgHwHE6YD8P/0GDf8O3gZ5fmnsczeWVRTcf
qWUsWC3/o8tUC2tQ4otxY8TY7/YbkXeV1ZUmu8NlIiPyQPNc+iBDEWElis+cESjg
fPO6MibCL69jHRUCfW1c9p/CNDbdk7qCwuxokTtCBSH2W9j0uBqnFzCbkDqXeR3Q
ZfYDtHdfRW+k7t9pw0uLgiAgRvCzRP0yKehiztOHAm2/lV4pdvMYYzc9CdcGBZr6
J0S9m/R8fdlPBOELXHt+8V1luAbGlTHGqfaEqkHVCrwzdkHnmbI/xLr1wf+wJTM/
Lrotm5CBrVEVGIPX6kUxl+jMLRRRm+tETVEuVHnShD71ZxFmVl4bLcIrtuC/hM9f
GCxICn6KxAHpCPaXZN5U8N8v+JooskGdENwBfLx1xqry1qf4bPruetZ+w6Fn4jjy
rPaJmV6vkhw7dYmGWQHO02mRGLqAyTOsnbQhDOpFyTERU6YO5DrB3DfyGwKimLGE
ff3AUMKBXITq9nn5/lpb28vyHDPCoTq/oxf85V/buSmnTkJr2y8Konv8RATb5ckR
WcqR4QlNRQr+DTSmMuHdeWp6gxUwDq81g2s1ij28Ib5GqtVv2byfl9LB9E8Thdym
90R+ckZ6GU+WmK8NgoF4x4jxgp6L+9BmdnfxePlctSvHNW1SnmTxccffIgWg7cGB
3jf1BmpZQCZs4ddFo8+f
=hkQ+
-----END PGP SIGNATURE-----

Reply to:

Follow-Ups:
- Re: Security concerns with minified javascript code
  - From: Raphael Hertzog <hertzog@debian.org>

References:
- Re: Security concerns with minified javascript code
  - From: Bas Wijnen <wijnen@debian.org>
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>
- Re: Security concerns with minified javascript code
  - From: Bas Wijnen <wijnen@debian.org>
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>
- Re: Security concerns with minified javascript code
  - From: Bas Wijnen <wijnen@debian.org>
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>
- Re: Security concerns with minified javascript code
  - From: Steve Langasek <vorlon@debian.org>
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>
- Re: Security concerns with minified javascript code
  - From: Bas Wijnen <wijnen@debian.org>
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>

Prev by Date: Re: system upgrade by systemd
Next by Date: Bug#797467: ITP: r-cran-contfrac -- GNU R package providing various utilities for evaluating continued fractions
Previous by thread: Re: Security concerns with minified javascript code
Next by thread: Re: Security concerns with minified javascript code
Index(es):
- Date
- Thread