Re: Bug#931376: debian-security-support: mention nodejs is not for untrusted content
On 20/02/2020 18:00, Salvatore Bonaccorso wrote:
> Hi Holger,
>
> On Thu, Feb 20, 2020 at 04:49:09PM +0000, Holger Levsen wrote:
>>> Does LTS provide updates for nodejs/nodejs-*, and is there a place where
>>> we can document this decision?
>>
>> I'd lean to call it unsupported and document this in src:debian-security-support.
>
> I guess you will need to add it to the ended file instead, that is
> declare it end-of-life because not supportable by backporting fixes --
> unsupported covers all suites, and this as you noticed was the reason
> to remove it again from there as we tentatively want to be able to
> support nodejs in buster.
Yes, this was mentioned in the release notes for jessie and stretch:
https://www.debian.org/releases/jessie/amd64/release-notes/ch-information.en.html#libv8
https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#libv8
So we should add it to security-support-ended for those releases, and
let it be supported in buster.
Cheers,
Emilio
Reply to: