[Pkg-javascript-devel] the status of JS in buster: great !
Jérémy Lal
kapouer at melix.org
Tue Feb 26 09:33:45 GMT 2019
Le mar. 26 févr. 2019 à 01:55, W. Martin Borgert <debacle at debian.org> a
écrit :
> On 2019-02-26 10:09, Ben Finney wrote:
> > It's good to be able to avoid, at least in some measure, the security
> > tragedy that is most of the advice to modern web developers.
> >
> > It has been demonstrated more than enough times that I should not trust
> > npm with installing applications on my workstation, so Debian packages
> > make my work much better.
>
> +1
>
> For an announcement, we should think about what our message is.
> Not more than two or three points. Such an announcement will
> spread over all the net and will also provoke dissent. It must
> be well-founded and well written.
>
> IMHO, the "web developers security tragedy" must be one of them.
> With a short explanation why Debian packages are better than the
> stuff you get from strangers (minified, embedded code copies,
> random versions, no source code, unclear licenses, etc.).
>
> Another point might be convenience. To have everyting in one
> package management system, not spread over npm, pip, melpa, gem,
> is just useful and practical. Maybe with mentioning advantages
> for both development and deployment of web applications.
>
If the announcement is talking about security, we should make sure there is
no planned security exception for nodejs in Buster.
Jérémy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20190226/af733c95/attachment.html>
More information about the Pkg-javascript-devel
mailing list