On Tue, 26 Feb 2019 at 01:55, W. Martin Borgert <[email protected]> wrote:
> On 2019-02-26 10:09, Ben Finney wrote:
> > It's good to be able to avoid, at least in some measure, the security
> > tragedy that is most of the advice to modern web developers.
> >
> > It has been demonstrated more than enough times that I should not trust
> > npm with installing applications on my workstation, so Debian packages
> > make my work much better.
>
> +1
>
> For an announcement, we should think about what our message is.
> Not more than two or three points. Such an announcement will
> spread over all the net and will also provoke dissent. It must
> be well-founded and well written.
>
> IMHO, the "web developers security tragedy" must be one of them.
> With a short explanation why Debian packages are better than the
> stuff you get from strangers (minified, embedded code copies,
> random versions, no source code, unclear licenses, etc.).
>
> Another point might be convenience. To have everything in one
> package management system, not spread over npm, pip, melpa, gem,
> is just useful and practical. Maybe with mentioning advantages
> for both development and deployment of web applications.
>

If the announcement is talking about security, we should make sure there is
no planned security exception for nodejs in Buster.

Jérémy
-- 
Pkg-javascript-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
