[Pkg-javascript-devel] the status of JS in buster: great !

W. Martin Borgert debacle at debian.org
Tue Feb 26 00:55:05 GMT 2019


On 2019-02-26 10:09, Ben Finney wrote:
> It's good to be able to avoid, at least in some measure, the security
> tragedy that is most of the advice to modern web developers.
>
> It has been demonstrated more than enough times that I should not trust
> npm with installing applications on my workstation, so Debian packages
> make my work much better.

+1

For an announcement, we should think about what our message is.
Not more than two or three points. Such an announcement will
spread over all the net and will also provoke dissent. It must
be well-founded and well written.

IMHO, the "web developers security tragedy" must be one of them.
With a short explanation why Debian packages are better than the
stuff you get from strangers (minified, embedded code copies,
random versions, no source code, unclear licenses, etc.).

Another point might be convenience. To have everything in one
package management system, not spread over npm, pip, melpa, gem,
is just useful and practical. Maybe with mentioning advantages
for both development and deployment of web applications.


