[Pkg-javascript-devel] Draft to embed more than one Node module in a Debian package
Yves-Alexis Perez
corsac at debian.org
Fri Sep 14 13:09:35 BST 2018
On Thu, 2018-09-13 at 11:59 +0200, Xavier wrote:
> After a long discussion in JS team, I built a Wiki draft [2] and I would
> like to have an opinion of Security Team before continuing in this way.
Hi Xavier,
could you elaborate on the precise impact for security updates? If I
understand correctly, what you want is to ship multiple upstream sources in
one Debian source package? Meaning a security issue in any one of the embedded
sources would mean shipping a DSA for the whole?
Regards,
--
Yves-Alexis