[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security concerns with minified javascript code

On Tue, Sep 01, 2015 at 08:15:19AM +0200, Guido Günther wrote:
> Couldn't we just use the non-minified versions in most situations? A
> heavily loaded wordpress site might not be good example but e.g. doxygen
> documentation probably doesn't suffer much from non minified JS.

I fail to see what problem that would solve here. The minification
happens on Debian's buildds using tools from main. What would we gain by
not doing it?

The context of your answer is one of security updates. Why would we want
to do security updates for the JavaScript shipped with documentation? Do
you see an attack vector here?

Even assuming an attack vector, I think the easiest way here would be to
upload a fixed Doxygen and then binNMU/nochange-NMU all reverse
dependencies.

Really, pulling Doxygen in this discussion is a straw man nowadays.
Please pick better examples or arguments.

Helmut
Reply to: