[Pkg-javascript-devel] Browserified copy and DFSG
Bastien ROUCARIES
roucaries.bastien at gmail.com
Fri Sep 7 12:22:50 BST 2018
On Thu, Sep 6, 2018 at 10:41 PM Sean Whitton <spwhitton at spwhitton.name> wrote:
>
> Hello,
>
> On Wed 05 Sep 2018 at 04:38PM +0200, Bastien ROUCARIES wrote:
>
> >> AFAIUI, Built-Using is solely to be used for compliance with licenses
> >> (GPL or GPL-like licenses). Are these node modules under GPL or a
> >> GPL-like license? If not, there should be no need for Built-Using.
> >
> > They are some module under GPL like license not yet pacakged.
> >
> > But I was thinking Built-Using may be used by security team in order
> > to trigger rebuild.
>
> Yes. Policy was changed to say that Built-Using should be used only for
> licensing issues. This was the release team's preference, and I believe
> they took the needs of the security team into account in coming to that
> preference.
Ok adding cc @security
How will you handle security problem in static
(browserified/webpacked) javascript library ?
Bastien
> --
> Sean Whitton
More information about the Pkg-javascript-devel
mailing list