On Wed, Oct 9, 2013 at 4:28 PM, Philipp Kewisch <mozi...@kewis.ch> wrote: > I think its the wrong conclusion, shouldn't we rather be fixing security > holes and analysing the code for vulnerabilities than removing random things > just because of their potential risk?
Those options are not mutually exclusive; we should be doing both. There's obvious value in thinking about ways to reduce our attack surface, and that's all Gerv was suggesting we do. Obviously there are tradeoffs involved, and we need to evaluate them when making any decisions. Arguing that removing anything would be equivalent to removing support for JS is not really useful. I don't think anyone in this thread was actually mistaken into thinking that removing RDF or XSLT was as simple as an "hg rm". That removing them is harder than that doesn't mean it's not worth thinking about (and indeed much thinking about it has been done, in e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=833098). Gavin _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform