Comment on Apple forgot to disable production source maps on the App Store web app
count_dongulus@lemmy.world 4 days ago
It’s client code, nothing there is secret. It’s served to you on a platter. Minifying is just to shrink it. Obfuscation is security theater.
mudkip@lemdro.id 4 days ago
the comments referencing internal tickets and todos?
count_dongulus@lemmy.world 4 days ago
IMO it’s sloppy, or at least a code smell, to be merging changes that still have comments like that into commercial software main branches to begin with. But it’s still not a security issue or anything like that.
The future engineer who picks up whatever ticket that’s referenced is going to have no idea that comment exists in that file unless it’s called out in the ticket anyway, or people just know to globally search for references to whatever ticket they picked up in a given day for some person’s old notes. At that point, just share a link in the ticket to however many lines of code are relevant. Quite irritating to see an old comment in the code saying something like “TODO: Remove once PROJ-1234 is done” and PROJ-1234 was marked done three years ago. Does it still need to go? Why was it left in?
0x0@lemmy.dbzer0.com 4 days ago
I’ve never heard this opinion before. My feeling is that it’s sloppy not to (selectively) annotate your code with TODO comments linking to the issue tracker. Code doesn’t live in a vacuum; there’s context that is sometimes infeasible to provide without linking out.