[webkit-dev] Hosting precompiled `jsc` binaries for Linux

Alexey Proskuryakov ap at webkit.org
Tue Dec 12 11:21:54 PST 2017

> 12 дек. 2017 г., в 10:58, Mathias Bynens <mths at google.com> написал(а):
> Yes, there is such an expectation. jsvu has a policy of only using URLs “that are controlled by the creators of the JavaScript engine”: https://github.com/GoogleChromeLabs/jsvu#security-considerations <https://github.com/GoogleChromeLabs/jsvu#security-considerations>
This is explained as a security policy. If the project considers Igalia builds unsafe, how are the same bits copied to another domain by an automated process any better?

I'm not necessarily objecting against the copying, but trying to make a legitimate story for why any extra work is needed.

- Alexey

> Anything not on *.webkit.org <http://webkit.org/> or similar, or anything not on on S2 buckets that are owned by Apple directly, does not fit that policy.
> On Tue, Dec 12, 2017 at 7:35 PM, Alexey Proskuryakov <ap at webkit.org <mailto:ap at webkit.org>> wrote:
>> 12 дек. 2017 г., в 1:34, Mathias Bynens <mths at google.com <mailto:mths at google.com>> написал(а):
>> It would be great to make such downloads available from webkit.org <http://webkit.org/> or
>> a similar domain!
> Can you explain in more detail why this is important?
> If there is an expectation that this will make the builds more official in some way, then I'd like to understand the difference better. For example, will having links to igalia.com <http://igalia.com/> on webkit.org <http://webkit.org/> work just as well?
> - Alexey

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20171212/d0f7a5c7/attachment.html>

More information about the webkit-dev mailing list