[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

Samuel Thibault <sthibault@debian.org> writes:

> I however agree that it seems poor practice to duplicate these build
> modules in every packages. But if the required versions are different,
> there is no real other way.

There is another solution: put several different versions of the same
source code into some Debian meta-package.  Not pleasant, but as long as
different projects have strict version dependencies on the same
libraries, this would work.

That said, I think it is simpler to include the entire dependency chain
into each application package.  It leads to source code duplication
which is a security team concern, but at least that is an understandable


Attachment: signature.asc
Description: PGP signature

Reply to: