|
|
|
|
|
|
by notpachet
1588 days ago
|
|
|
> given that it doesn't introduce any more vulnerabilities I think this is where we are in disagreement. You're adding code to Node core in order to support this, which opens the door to new vulnerabilities (bugs) by definition, because people make mistakes. Now you will have two code systems to scrutinize and maintain that are doing essentially the same thing. I don't think the arguably-slightly-better ergonomics of HTTPS imports justifies the increased risk. |
|
|