-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On Thu, 2018-09-13 at 11:59 +0200, Xavier wrote: > After a long discussion in JS team, I built a Wiki draft [2] and I would > like to have an opinion of Security Team before continuing in this way.
Hi Xavier, could you elaborate on the precise impact for security updates? If I understand correctly, what you want is to ship multiple upstream sources in one Debian source package? Meaning a security issue in any one of the embedded source would mean shipping a DSA for the whole? Regards, - -- Yves-Alexis -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlubpP8ACgkQ3rYcyPpX RFsu+Qf+L4/vUbK1Jt/JdhwHza2WFrG0bF8Xp9RS18q5vwC6KRa6m2e7X//BBasA P5dAt0WccfC2GhiA5HyT00TxGJ9bDnIbcjvf57s1bWbiJMjEO9cHCtWudwdUqu0W pSX6KCFSpiP/vqdxi8uQU/uD7YUz1XecNyy5v6MFX+gh1LYfE2U0fD95fjsnIVWT 3NGy/82qwkb4yKzk/LpgFcrrIMcoX/u2n/2ucg7HdiEaBByxLTLhTz9P5etO0YpO pkYYOjSD+uVwfp+JtXORVVnZZGRrmJF1y+jjX1uvGARMSXCCwIEJLineKfvgGeYl maM3Wre/IgwGlOqEgowXxFnd48qnBg== =qnRx -----END PGP SIGNATURE----- -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel