On Fri, Mar 17, 2017 at 3:26 PM, Ehsan Akhgari <ehsan.akhg...@gmail.com> wrote:
> We have library imports that are forks, for example > > dom/media/webaudio/blink, as the README file explains. That should > probably be removed from that list. > Forks are tricky. Just because we can't directly import the upstream doesn't mean we're not affected by security vulnerabilities found and fixed in the upstream. We still need to track it, but it will take more work and it will require a tracking system that can record "we're using 3.2.1 base + patches ; we've got what we needed up to 3.7.8; current upstream is 3.7.9" -Dan Veditz _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
