Code copy of older Mozilla code
Mike Hommey
mh at glandium.org
Thu Feb 27 03:06:23 UTC 2014
On Wed, Feb 26, 2014 at 08:53:32PM +0100, Emilio Pozuelo Monfort wrote:
> Hi Moritz,
>
> Laurent spoke to Mike regarding this and Mike said he was thinking/planning on
> dropping libmozjs packages from src:iceweasel (please correct. The only possible
> alternative is to have a code copy as a separate source package (as we have done
> with mozjs and now with mozjs17). Note that depending on mozjs from iceweasel
> would have a big impact on stable when iceweasel is upgraded.
Indeed. The js API and ABI are both highly unstable, so having it
shipped by iceweasel ensures all rdependencies using it will suffer. The
same can be said of xulrunner, and I'm seriously considering killing the
package too (in fact, I'm also pushing to kill it upstream, providing
the functionality itself off firefox). As of current packaging, libmozjs
is gone from the iceweasel 29 package on mozilla.debian.net. I'm tempted
to make it go away as soon as 28.
> I don't think this is a big problem. At least for my use case (gjs & gnome-shell
> and a few other gnome apps) the executed javascript code is the application code
> shipped in their packages, not some random webpages. So we're not exposed to
> malicious code.
... assuming no malicious code is on the gnome shell extensions web
site... That being said, without exploiting the js engine, they probably
can already do a lot of harm.
Mike
More information about the pkg-gnome-maintainers
mailing list