On Sat, Jan 19, 2019 at 07:47:51AM +0800, Paul Wise wrote:
> On Fri, Jan 18, 2019 at 11:51 PM Adam Borowski wrote:
> > I'm not entirely sure if enabling javascript is such a hot idea in a
> > codebase that hardly sees maintenance these days.  But it's up to you...
> Personally I think the users of terminal-based web browsers would be
> very surprised and possibly upset that their browser suddenly supports
> JavaScript. At minimum, I would suggest a NEWS.Debian entry about
> this. The most ideal situation would be to leave it off by default but
> have a command-line option to turn it on.

I wouldn't be _this_ negative, but only if the defaults are reasonable (i.e.,
javascript only from the first-party site, akin to Firefox with uMatrix in
its default configuration).  I don't know how good this implementation of
Javascript is in practice -- previous attempt sucked -- but quite a large
part of sites rely on that abomination to display meaningful contents.

Thus, it might work adequately, only testing can show.  It's up to Ahmed to
decide -- this kind of decision is what we have maintainers for (before
users start spamming complaints :p).

My remark was mostly about a project dormant for years -- or, with the fork,
not established enough to be trusted for security matters -- not being able
to provide reasonable support for something that's a notorious attack

⣾⠁⢠⠒⠀⣿⡁ Remember, the S in "IoT" stands for Security, while P stands
⢿⡄⠘⠷⠚⠋⠀ for Privacy.

