Re: Security concerns with minified javascript code

To: debian-devel@lists.debian.org
Subject: Re: Security concerns with minified javascript code
From: Samuel Thibault <sthibault@debian.org>
Date: Wed, 2 Sep 2015 09:28:44 +0200
Message-id: <[🔎] 20150902072844.GG1962@var.home>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 87oahlskai.fsf@hope.eyrie.org>
References: <[🔎] 20150902004630.GA16895@x> <[🔎] 87oahlskai.fsf@hope.eyrie.org>

Russ Allbery, le Tue 01 Sep 2015 18:05:09 -0700, a écrit :
> Healthy language communities have their own metadata systems and
> standardized build systems that allow Debian packaging to be nearly
> automated, *provided* that we use the same unit of distribution as
> upstream.

I understand that using the same unit of distribution helps, but I'd
tend to think that with not too much work you can achieve automated
packaging of collections of upstream packages.

Notably, the whole minification toolchain could be uploaded as just one
package, using on each upload the set of versions that upstream is known
to be using.

Samuel

Reply to:

Follow-Ups:
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>

References:
- Re: Security concerns with minified javascript code
  - From: Josh Triplett <josh@joshtriplett.org>
- Re: Security concerns with minified javascript code
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Bug#797654: ITP: s3backer -- Amazon AWS S3-backed virtual hard disk device
Next by Date: Re: Security concerns with minified javascript code
Previous by thread: Re: Security concerns with minified javascript code
Next by thread: Re: Security concerns with minified javascript code
Index(es):
- Date
- Thread