On Wed, Oct 18, 2017 at 2:13 PM, Alexander Wirt wrote: > Please don't get me wrong, but even if gitlab packages are recent tomorrow > (which I > don't think) we won't migrate. The work is done and we have all the things in > place to maintain them. So please do me a favour and don't mention alioth as > the reason.
I note that the Debian security team doesn't support libv8, nodejs and the stack above it. https://sources.debian.net/src/debian-security-support/2017.06.02/security-support-limited/#L14 In my experience the JavaScript team doesn't appear to be following the nodesecurity.io security advisories. https://nodesecurity.io/advisories What is your plan for avoiding the security issues discovered in libv8/nodejs and gitlab-related node modules? -- bye, pabs https://wiki.debian.org/PaulWise -- Pkg-javascript-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel
