On Wed, Oct 18, 2017 at 2:13 PM, Alexander Wirt wrote:

> Please don't get me wrong, but even if gitlab packages are recent tomorrow 
> (which I
> don't think) we won't migrate. The work is done and we have all the things in
> place to maintain them. So please do me a favour and don't mention alioth as
> the reason.

I note that the Debian security team doesn't support libv8, nodejs and
the stack above it.

https://sources.debian.net/src/debian-security-support/2017.06.02/security-support-limited/#L14

In my experience the JavaScript team doesn't appear to be following
the nodesecurity.io security advisories.

https://nodesecurity.io/advisories

What is your plan for avoiding the security issues discovered in
libv8/nodejs and gitlab-related node modules?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

-- 
Pkg-javascript-devel mailing list
Pkg-javascript-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-javascript-devel

Reply via email to