Re: Security concerns with minified javascript code

To: debian-devel@lists.debian.org
Subject: Re: Security concerns with minified javascript code
From: Gunnar Wolf <gwolf@gwolf.org>
Date: Tue, 1 Sep 2015 13:51:44 -0500
Message-id: <[🔎] 20150901185144.GD91621@gwolf.org>
In-reply-to: <87a8tber37.fsf@zoro.exoscale.ch>
References: <20150828082914.GR2641@var.home> <87a8tber37.fsf@zoro.exoscale.ch>

Vincent Bernat dijo [Fri, Aug 28, 2015 at 10:48:28AM +0200]:
> >> What will happen is that maintainers will fallback to the second less
> >> horrible solution and cripple the package (by using an older version of
> >> the JS lib for example) to allow it to stay in main.
> >
> > Why would they want to stay in main?
> 
> [...]
> 
> > I had the same issue with loadlin: it could only be built on MS-DOS with
> > the proprietary tasm, and thus got #356055. I thus extended the free
> > yasm to recognized the tasm syntax, and patched loadlin a bit to remove
> > some extensions which were hard to implement in yasm but easy to replace
> > in loadlin.
> >
> > Then it could stay in main.
> 
> Here is why.

So, in short, this could be read as "it implies extra work".

But what makes Debian famous for is that we as developers *do* make
that extra work.

It is a great benefit to our users, and it's a core value of the
project. So core, that it is encoded in our foundational documents.

Reply to:

Prev by Date: Re: Polkit: prompt for root password
Next by Date: Re: Polkit: prompt for root password
Previous by thread: Re: Security concerns with minified javascript code
Next by thread: Re: How to read mail addressed to "root" from "root" user?
Index(es):
- Date
- Thread