On Sat, Jan 19, 2019 at 07:47:51AM +0800, Paul Wise wrote:
> On Fri, Jan 18, 2019 at 11:51 PM Adam Borowski wrote:
>
> > I'm not entirely sure if enabling javascript is such a hot idea in a
> > codebase that hardly sees maintenance these days. But it's up to you...
>
> Personally I think the users of terminal-based web browsers would be
> very surprised and possibly upset that their browser suddenly supports
> JavaScript. At minimum, I would suggest a NEWS.Debian entry about
> this. The most ideal situation would be to leave it off by default but
> have a command-line option to turn it on.

I wouldn't be _this_ negative, but only if the defaults are reasonable (i.e.,
javascript only from the first-party site, akin to Firefox with uMatrix in
its default configuration).

I don't know how good this implementation of Javascript is in practice --
previous attempt sucked -- but quite a large part of sites rely on that
abomination to display meaningful contents. Thus, it might work adequately,
only testing can show.

It's up to Ahmed to decide -- these kinds of decisions are what we have
maintainers for (before users start spamming complaints :p).

My remark was mostly about a project dormant for years -- or, with the fork,
not established enough to be trusted for security matters -- not being able
to provide reasonable support for something that's a notorious attack
surface.

Meow!
-- 
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Remember, the S in "IoT" stands for Security, while P stands
⢿⡄⠘⠷⠚⠋⠀ for Privacy.
⠈⠳⣄⠀⠀⠀⠀