Am 09.12.24 um 15:30 schrieb Stephen Gallagher:
On Sat, Dec 7, 2024 at 12:21 PM Carlos Rodriguez-Fernandez
<carlosrodrifernandez@xxxxxxxxx> wrote:
I took sparse, and http-parser.
http-parser in particular is a dead project upstream. However, there is a good set of packages depending on it. There are also past contributors. If any of the past contributors want to take it please let me know, I'll be happy to hand it over: dck, mrunge, orphan, patches, sgallagh, vascom.
I actually thought I'd removed myself from that package; I've migrated
all of the packages I used to maintain with http-parser over to the
(supported) llhttp package.
The upstream is very dead and it's been strongly implied to me that
there are very likely to be security issues with it. I'd argue that we
need to remove it from the distribution entirely and either fix or
retire the remaining packages depending on it:
* AusweisApp2-0:2.2.1-1.fc41.x86_64
* AusweisApp2-0:2.2.2-2.fc41.x86_64
- Upstream still relies on http-parser and needs to be contacted to
migrate to a maintained parser.
I have contacted AusweisApp upstream. Their preference would be to use
QHttpServer, but its license-incompatible (GPL vs EUPL). There are
currently no defined plans for migration.
* flamethrower-0:0.11.0-28.fc41.x86_64
- This is actually carrying a Fedora-specific patch to use http-parser
instead of upstream's private fork (called url_parser). Given that
both of them are effectively unmaintained, I think we want to drop our
patch and follow upstream (and contact them about switching to a
maintained parser)
* http-parser-devel-0:2.9.4-12.fc41.i686
* http-parser-devel-0:2.9.4-12.fc41.x86_64
- Part of http-parser itself and will be removed if we drop it.
* jabberd-0:2.6.1-28.fc41.x86_64
- This package is also dead upstream since 2019 and should be dropped
from Fedora.
* python3-httptools-0:0.6.0-6.fc41.x86_64
- Latest versions have been converted to llhttp
* slurm-slurmrestd-0:24.05.2-1.fc41.x86_64
- Upstream is still bound to http-parser, but only for one optional
component: slurmrestd. We could stop providing this daemon in Fedora
and communicate to upstream that they need to update to a maintained
parser.
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue