Re: Concerns about infrastructure for Alioth replacement

To: debian-devel@lists.debian.org, admin@alioth.debian.org, pkg-javascript-devel@lists.alioth.debian.org
Subject: Re: Concerns about infrastructure for Alioth replacement
From: Paul Wise <pabs@debian.org>
Date: Thu, 19 Oct 2017 16:48:31 +0800
Message-id: <[🔎] CAKTje6Eha2+MqY3iOT55kBA6ULCZYJonWcxTB-98CivCDGPDRQ@mail.gmail.com>
In-reply-to: <[🔎] 20171018061344.vztc4hyhpxtvooqx@smithers.snow-crash.org>
References: <[🔎] 20171016001558.a9c2e92f9155e844f43ceb30@paranoici.org> <[🔎] CALjhHG84_x7k6doJftw01bD8q7q9oB1VTy4rrkhM2gvy0riPfA@mail.gmail.com> <[🔎] 20171017232902.dcd11a5ba48eeb97db018c16@paranoici.org> <[🔎] 20171017213255.gozko3o363fxy6wd@smithers.snow-crash.org> <[🔎] 20171017223853.mnu3tpzpiw4qqblt@DigitalMercury.dynalias.net> <[🔎] 20171018061344.vztc4hyhpxtvooqx@smithers.snow-crash.org>

On Wed, Oct 18, 2017 at 2:13 PM, Alexander Wirt wrote:

> Please don't get me wrong, but even if gitlab packages are recent tomorrow (which I
> don't think) we won't migrate. The work is done and we have all the things in
> place to maintain them. So please do me a favour and don't mention alioth as
> the reason.

I note that the Debian security team doesn't support libv8, nodejs and
the stack above it.

https://sources.debian.net/src/debian-security-support/2017.06.02/security-support-limited/#L14

In my experience the JavaScript team doesn't appear to be following
the nodesecurity.io security advisories.

https://nodesecurity.io/advisories

What is your plan for avoiding the security issues discovered in
libv8/nodejs and gitlab-related node modules?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Reply to:

References:
- Concerns about infrastructure for Alioth replacement
  - From: Francesco Poli <invernomuto@paranoici.org>
- Re: Concerns about infrastructure for Alioth replacement
  - From: Ondřej Surý <ondrej@sury.org>
- Re: Concerns about infrastructure for Alioth replacement
  - From: Francesco Poli <invernomuto@paranoici.org>
- Re: Concerns about infrastructure for Alioth replacement
  - From: Alexander Wirt <formorer@formorer.de>
- Re: Concerns about infrastructure for Alioth replacement
  - From: Nicholas D Steeves <nsteeves@gmail.com>
- Re: Concerns about infrastructure for Alioth replacement
  - From: Alexander Wirt <formorer@formorer.de>

Prev by Date: Re: Unsustainable debian/rules as official build entry point?
Next by Date: getconf(1) interface considered cross-harmful
Previous by thread: Re: [Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement
Next by thread: Re: Concerns about infrastructure for Alioth replacement
Index(es):
- Date
- Thread