On 6/29/22 15:14, Chuck Anderson wrote: > On Wed, Jun 29, 2022 at 11:49:51PM +0530, Vipul Siddharth wrote: >> Fedora 37 as a compatibility library. Because libsoup is a sensitive >> network-facing HTTP library written in an unsafe language and where >> CVEs may have disastrous impact, it is not safe to leave libsoup 2 >> hanging around indefinitely, but we are not yet ready to remove it >> altogether. We will propose removing libsoup 2 (and all applications >> and libraries that still depend on it) for Fedora 39 in a separate >> change proposal. > > Why are we using a "network-facing HTTP library written in an unsafe > language"? Shouldn't we take this opportunity to move to a safer HTTP > library? Or is libsoup 3 safe(r) than libsoup 2? I absolutely agree. -- Sincerely, Demi Marie Obenour (she/her/hers) _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
