FTR: I have talked to Matthias Klose (doko) at DebConf18 about the
embedding of jquery into javadoc packages. He pointed me to a similar
discussion in doxygen which also embeds jquery while building doc packages.

In short he doesn't consider it to be a worthwhile task because there is
a risk of breaking the documentation when Debian's system jquery version
is either too old or too new. The security risk of embedding jquery is
also rather low in this case because the documentation is static in
contrast to web applications and it is unlikely that users would be
affected by jquery vulnerabilities.

README.jquery in doxygen explains the problem in more detail.

All in all there is no chance that a patch to change the current
situation would be accepted, hence I no longer intend to spend time on it.


Attachment: signature.asc
Description: OpenPGP digital signature

This is the maintainer address of Debian's Java team
 Please use for discussions and questions.

Reply via email to