On 04/20/2017 11:09 AM, Bastien ROUCARIES wrote: > I have planned to add a big fat warning about safety of > browserify-crypto. I am myself unease to use it but it is needed for > browserify. > > Do you prefer a README.debian per pure js crypto package ?
Maybe also add something along the lines of | For security considerations of this package please consult | README.Debian. to the package's extended description? (Or is that against policy?) > I plan to patch browserify and add a flag in order to use the crypto API. Isn't browserify a JS minifier? Why would that need DH key exchange anyway? I'm a bit confused here... Regards, Christian