On 2/28/18 5:23 PM, Nicholas Alexander wrote: > Hello dev-platform, > > For the reasons outlined at > https://docs.google.com/document/d/1tOA2aeyjT93OoMv5tUMhAPOkf4rF_IJIHCAoJlwmDHI/edit?usp=sharing,
It would be good to document the security implications of this approach. By using Node we will probably inherit a large number of third-party dependencies. Although we could use a service such as the Node Security Platform [1] to determine the security status of these dependencies, regular monitoring and upgrading will be needed to ensure that we do not introduce vulnerabilities into our build process. Thanks for listening. :-) Peter [1] https://nodesecurity.io/
signature.asc
Description: OpenPGP digital signature
_______________________________________________ dev-builds mailing list dev-builds@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-builds
