[Pkg-javascript-devel] Draft to embed more than one Node module in a Debian package

Xavier yadd at debian.org
Tue Sep 18 20:14:25 BST 2018


On 14/09/2018 at 14:09, Yves-Alexis Perez wrote:
> On Thu, 2018-09-13 at 11:59 +0200, Xavier wrote:
>> After a long discussion in JS team, I built a Wiki draft [2] and I would
>> like to have an opinion of Security Team before continuing in this way.
> 
> Hi Xavier,
> 
> could you elaborate on the precise impact for security updates? If I
> understand correctly, what you want is to ship multiple upstream sources in
> one Debian source package? Meaning a security issue in any one of the embedded
> sources would mean shipping a DSA for the whole?
> 
> Regards,

Hi Yves-Alexis,

This is the goal of the little "policy": providing all packages using
"Provides:" will avoid having the same module embedded in more than one
package. So a DSA will apply to only one package. If an embedded module is
used only during tests, it can be omitted.



