On Thu, Sep 6, 2018 at 10:41 PM Sean Whitton <spwhit...@spwhitton.name> wrote: > > Hello, > > On Wed 05 Sep 2018 at 04:38PM +0200, Bastien ROUCARIES wrote: > > >> AFAIUI, Built-Using is solely to be used for compliance with licenses > >> (GPL or GPL-like licenses). Are these node modules under GPL or a > >> GPL-like license? If not, there should be no need for Built-Using. > > > > They are some module under GPL like license not yet pacakged. > > > > But I was thinking Built-Using may be used by security team in order > > to trigger rebuild. > > Yes. Policy was changed to say that Built-Using should be used only for > licensing issues. This was the release team's preference, and I believe > they took the needs of the security team into account in coming to that > preference. Ok adding cc @security
How will you handle security problem in static (browserified/webpacked) javascript library ? Bastien > -- > Sean Whitton