[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

Vincent Bernat dijo [Fri, Aug 28, 2015 at 10:48:28AM +0200]:
> >> What will happen is that maintainers will fallback to the second less
> >> horrible solution and cripple the package (by using an older version of
> >> the JS lib for example) to allow it to stay in main.
> >
> > Why would they want to stay in main?
> [...]
> > I had the same issue with loadlin: it could only be built on MS-DOS with
> > the proprietary tasm, and thus got #356055. I thus extended the free
> > yasm to recognized the tasm syntax, and patched loadlin a bit to remove
> > some extensions which were hard to implement in yasm but easy to replace
> > in loadlin.
> >
> > Then it could stay in main.
> Here is why.

So, in short, this could be read as "it implies extra work".

But what makes Debian famous for is that we as developers *do* make
that extra work.

It is a great benefit to our users, and it's a core value of the
project. So core, that it is encoded in our foundational documents. 

Reply to: