On 29. 06. 20 17:49, Vít Ondruch wrote:
> On 29. 06. 20 at 17:21, Miro Hrončok wrote:
>> js-jquery1 nodejs-sig, patches, vondruch Fedora 30
>> js-jquery2 vondruch Fedora 30
>> js-sizzle nodejs-sig, patches, vondruch Fedora 30
>
> I was ranting about js-jquery (and js-sizzle is a dependency of js-jquery)
> on this list already several times. I picked it up just to keep it alive
> in whatever state, because bundling it everywhere won't make things
> better. So is there anybody who would like to give it some love? Or
> should I let the packages finally go and let everybody else bundle
> whatever they want?

Since the packages are on their way to retirement, I've taken a look.
1) I see that most of the build dependencies of js-jquery1/js-jquery2 are gone.
2) I see that all the FTBFS bugs are ASSIGNED without a single response about a
plan to fix the problem. From your emails it seems the plan was always to "do
nothing".
3) I see that both jqueries have several moderate CVEs open without a single
response for months. From your "in whatever state" statement it seems the plan
was to never fix those. The packages would need to be buildable in the first
place in order to be able to fix them.
Arguably, the benefit of having an unbundled dependency is mostly gone when the
library is not maintained at all. It seems safer if other packages bundle and
when they have a CVE open, the maintainers can evaluate the impact of the
problem on their package. Even if 100 packages bundle jquery and only 10 of them
evaluate the impact of CVEs and/or fix the CVEs in their packages, the situation
is better than now.
So yes, please let the packages go.
--
Miro Hrončok
--
Phone: +420777974800
IRC: mhroncok