Re: Orphaned Packages in rawhide (2018-08-27) - js-jquery1


On Tue, Aug 28, 2018 at 10:44 AM Vít Ondruch <vondruch@xxxxxxxxxx> wrote:



On 28.8.2018 at 15:58, Christopher wrote:
On Tue, Aug 28, 2018 at 8:49 AM Vít Ondruch <vondruch@xxxxxxxxxx> wrote:

So this is the email announcing orphaning js-jquery1:

https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/MI7W7TT3MUGMQTLYZYE5FKXUJCKFUXU7/

But apparently it is used by more packages than just a few. So is there
somebody who would be willing (more than me) to keep the package alive?


V.


Given the security vulnerabilities in jQuery 1 (and 2) and the fact that upstream dropped them a long time ago, I strongly recommend the packages be retired rather than kept alive. Packagers depend on the newer js-jquery (3) instead, patching as needed.

Of course I see your point. Nevertheless, I still believe that it is better to have the CVEs in one package where they will be eventually fixed than spread across the whole Fedora bundled in all packages, because I am quite sure this will be the result of retiring js-jquery1.


That's fair.
 
Speaking of the two rubygem- packages from the list:

1. rubygem-cucumber is going to be migrated to the latest jQuery. Anyway, this is a testing framework, so I don't see the old and vulnerable jQuery as a big deal.

2. I opened a ticket to migrate rubygem-apipie-rails to the most recent version of jQuery, but I don't think it is going to happen soon. Also, it is probably used in some generated documentation, not sure how critical the old jQuery is.

And in addition:

3. There is jQuery embedded in every rubygem-*-doc package from rubygem-rdoc. You can use it as an example of bundling. But anyway, this is again "just" documentation, if used, then typically used just locally (although somebody might expose the documentation externally).

V.


[1] https://github.com/Apipie/apipie-rails/issues/628


_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx