On 2/28/18 5:23 PM, Nicholas Alexander wrote:
> Hello dev-platform,
> 
> For the reasons outlined at
> https://docs.google.com/document/d/1tOA2aeyjT93OoMv5tUMhAPOkf4rF_IJIHCAoJlwmDHI/edit?usp=sharing,

It would be good to document the security implications of this approach.
By using Node we will probably inherit a large number of third-party
dependencies. Although we could use a service such as the Node Security
Platform [1] to determine the security status of these dependencies,
regular monitoring and upgrading will be needed to ensure that we do not
introduce vulnerabilities into our build process.

Thanks for listening. :-)

Peter

[1] https://nodesecurity.io/


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
dev-builds mailing list
dev-builds@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-builds

Reply via email to