From 8f82e0f48025433b3ec6d2726302a5ce2dc52b48 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Wed, 29 Mar 2023 15:38:49 +0000 Subject: [PATCH] Add Javascript fork warning boilerplate to README Following agreement at the Zed and Antelope PTGs, add a warning for consumers to make them aware that we aren't the authors of the Javascript files in this repository and aren't taking responsibility for addressing security vulnerabilities in them. Adding it to the README.rst ensures that it's prominent both when browsing the source code as well as when looking at future versions of release pages on PyPI, so that it should hopefully come to the attention of direct users and redistributors like distro package maintainers alike. Change-Id: I4cf50a2207abcdb8f050f5f2597ed6ebc635c13a --- README.txt | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.txt b/README.txt index a6a0978..0aaca6f 100644 --- a/README.txt +++ b/README.txt @@ -1,6 +1,14 @@ XStatic-JQuery-Migrate ---------------------- +.. warning:: + This package contains convenience copies of one or more Javascript libraries + which in some cases contain known security vulnerabilities. They are + included for testing purposes and not intended for security sensitive + production deployments. It's assumed that downstream repackaging and + distribution channels will supply their own repacement Javascript libraries + with backported security fixes when relevant. + JQuery-Migrate JavaScript library packaged for setuptools (easy_install) / pip. This package is intended to be used by **any** project that needs these files.
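Review bot: In the added warning text, "repacement" in the line "distribution channels will supply their own repacement Javascript libraries" is misspelled and should read "replacement". Since this boilerplate is meant to be seen by redistributors, it is worth fixing before it is copied further. The commit message says the warning is added to README.rst, but the diff modifies README.txt. Please confirm that this file is what the package publishes as its reStructuredText long description, otherwise the `.. warning::` directive will show up as literal text on the release page instead of a rendered admonition. As a minor style point, the new text spells it "Javascript" while the existing line below uses "JavaScript".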