Re: Security concerns with minified javascript code

To: debian-devel@lists.debian.org
Subject: Re: Security concerns with minified javascript code
From: Marvin Renich <mrvn@renich.org>
Date: Thu, 3 Sep 2015 14:57:34 -0400
Message-id: <[🔎] 20150903185734.GI28751@basil.wdw>
In-reply-to: <[🔎] 20150902191433.16a337ad@sylvester.codehelp>
References: <m36140otnx.fsf@neo.luffy.cx> <[🔎] 87wpwai2ri.fsf@thinkpad.rath.org> <[🔎] 87bndm87gd.fsf@zoro.exoscale.ch> <[🔎] 32027870.eszcDKyeSS@odyx.org> <[🔎] m337yyylr4.fsf@neo.luffy.cx> <[🔎] loom.20150902T134758-207@post.gmane.org> <[🔎] 20150902125911.GD28751@basil.wdw> <[🔎] 20150902152105.5860c53c@sylvester.codehelp> <[🔎] 20150902171431.GE28751@basil.wdw> <[🔎] 20150902191433.16a337ad@sylvester.codehelp>

* Neil Williams <codehelp@debian.org> [150902 14:15]:
> On Wed, 2 Sep 2015 13:14:31 -0400 Marvin Renich <mrvn@renich.org> wrote:
> > It is presumed that upstream already has what it considers "source";
> > in the case of this thread, that is minified JS.
> 
> Actually, not. Source, for upstream of JQuery at least, is a set of
> directives to include files into a non-minified jquery.js which is then
> minified as part of the build in Debian.

I stand corrected.

> There are three players:
[large snip]
> It is a complete mess - with the embedding upstreams lost in the middle
> with no idea of what they can do to avoid getting in the way.

I completely agree.

...Marvin

Reply to:

References:
- Re: Security concerns with minified javascript code
  - From: Nikolaus Rath <Nikolaus@rath.org>
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>
- Re: Security concerns with minified javascript code
  - From: Didier 'OdyX' Raboud <odyx@debian.org>
- Re: Security concerns with minified javascript code
  - From: Vincent Bernat <bernat@debian.org>
- Re: Security concerns with minified javascript code
  - From: Thorsten Glaser <t.glaser@tarent.de>
- Re: Security concerns with minified javascript code
  - From: Marvin Renich <mrvn@renich.org>
- Re: Security concerns with minified javascript code
  - From: Neil Williams <codehelp@debian.org>
- Re: Security concerns with minified javascript code
  - From: Marvin Renich <mrvn@renich.org>
- Re: Security concerns with minified javascript code
  - From: Neil Williams <codehelp@debian.org>

Prev by Date: Re: Security concerns with minified javascript code
Next by Date: Bug#797928: ITP: python-cbor -- Python Implementation of RFC 7049. Concise Binary Object Representation (CBOR)
Previous by thread: Re: Security concerns with minified javascript code
Next by thread: Re: Security concerns with minified javascript code
Index(es):
- Date
- Thread