libmozjs and gnome-shell
joss at debian.org
Thu Dec 22 22:15:01 UTC 2011
Le jeudi 22 décembre 2011 à 18:26 +0100, Mike Hommey a écrit :
> > > I've said numerous times that I won't prevent anyone from packaging
> > > libmozjs185. I just won't do it myself. FWIW, the libmozjs185 "upstream"
> > > maintainer was interested in packaging it for debian himself. So anyone
> > > interested should try to contact Wes Garland.
Will do, thanks. I don’t think the best results would be ensured by
packaging it by the GNOME team; we don’t know nothing about this
> > a web browser, so I don't think a second copy would hurt as we simply
> > wouldn't provide sec support for it.
Indeed, you wouldn’t necessarily have to in this situation. Anyway, this
JS code has access to anything the installed GIR packages provide, so
that includes the possibility to do anything the user can do without
having to trick the interpreter. The security challenges are not
remotely comparable to those of a sandbox.
> Arguably, the scripts don't come from the user, but from the net.
Unless the user has downloaded and installed a malicious script, their
origin should be guaranteed. And anyway they wouldn’t need a hole in the
interpreter to do malicious things.
.''`. Josselin Mouette
: :' :
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 190 bytes
Desc: This is a digitally signed message part
More information about the pkg-mozilla-maintainers