diff options
author | Jeremy Stanley <fungi@yuggoth.org> | 2023-03-29 15:38:49 +0000 |
---|---|---|
committer | Jeremy Stanley <fungi@yuggoth.org> | 2023-03-29 15:48:06 +0000 |
commit | 8f82e0f48025433b3ec6d2726302a5ce2dc52b48 (patch) | |
tree | a7f0c5124b6b3281f950c352075552a03a0b3d35 | |
parent | 2d1952a662abbc344bf6380d64988e2c8cba1b5b (diff) | |
download | xstatic-jquery-migrate-master.tar.gz |
Following agreement at the Zed and Antelope PTGs, add a warning for
consumers to make them aware that we aren't the authors of the
Javascript files in this repository and aren't taking responsibility
for addressing security vulnerabilities in them. Adding it to the
README.rst ensures that it's prominent both when browsing the source
code as well as when looking at future versions of release pages on
PyPI, so that it should hopefully come to the attention of direct
users and redistributors like distro package maintainers alike.
Change-Id: I4cf50a2207abcdb8f050f5f2597ed6ebc635c13a
-rw-r--r-- | README.txt | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -1,6 +1,14 @@ XStatic-JQuery-Migrate ---------------------- +.. warning:: + This package contains convenience copies of one or more Javascript libraries + which in some cases contain known security vulnerabilities. They are + included for testing purposes and not intended for security sensitive + production deployments. It's assumed that downstream repackaging and + distribution channels will supply their own repacement Javascript libraries + with backported security fixes when relevant. + JQuery-Migrate JavaScript library packaged for setuptools (easy_install) / pip. This package is intended to be used by **any** project that needs these files. |