On Tue, Aug 28, 2018 at 10:44 AM Vít Ondruch <vondruch@xxxxxxxxxx> wrote:
On 28.8.2018 at 15:58, Christopher wrote:
On Tue, Aug 28, 2018 at 8:49 AM Vít Ondruch <vondruch@xxxxxxxxxx> wrote:
So this is the email announcing orphaning js-jquery1:
https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/MI7W7TT3MUGMQTLYZYE5FKXUJCKFUXU7/
But apparently it is used by more packages than just a few. So is there
somebody who would be willing (more than me) to keep the package alive?
V.
Given the security vulnerabilities in jQuery 1 (and 2) and the fact that upstream dropped them a long time ago, I strongly recommend the packages be retired rather than kept alive. Packagers depend on the newer js-jquery (3) instead, patching as needed.
Of course I see your point. Nevertheless, I still believe that it is better to have the CVEs in one package where they will be eventually fixed than spread across the whole Fedora bundled in all packages, because I am quite sure this will be the result of retiring js-jquery1.
That's fair.
Speaking of the two rubygem- packages from the list:
1. rubygem-cucumber is going to be migrated to the latest jQuery. Anyway, this is a testing framework, so I don't see the old and vulnerable jQuery as a big deal.
2. I opened a ticket [1] to migrate rubygem-apipie-rails to the most recent version of jQuery, but I don't think it is going to happen soon. Also, it is probably used in some generated documentation, not sure how critical the old jQuery is.
And in addition:
3. There is jQuery embedded in every rubygem-*-doc package from rubygem-rdoc. You can use it as an example of bundling. But anyway, this is again "just" documentation, if used, then typically used just locally (although somebody might expose the documentation externally).
V.
[1] https://github.com/Apipie/apipie-rails/issues/628
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx