subject:"\[EPEL\-devel\] Re\: Upgrade of mlpack in epel\-7"

[EPEL-devel] Re: Upgrade of mlpack in epel-7

2023-10-31 Thread Troy Dawson

On Mon, Oct 30, 2023 at 11:10 PM Benson Muite 
wrote:

> On 10/30/23 16:37, Troy Dawson wrote:
> > On Sun, Oct 29, 2023 at 10:35 AM Benson Muite
> > mailto:benson_mu...@emailplus.org>> wrote:
> >
> > Would like to upgrade mlpack from 3.4.2 to 4.2.1
> > Version 3 is no longer maintained, and there do not seem to be
> > dependencies on mlpack, at least in Fedora. This is prompted by
> > CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041
> > https://src.fedoraproject.org/rpms/mlpack/pull-request/12
> > 
> >
> >
> > Since this is for a CVE, that is good.
> > Also, it looks like nothing depends on it, so that also makes things
> easier.
> >
> > Do you know of any features that were removed between version 3.x and
> 4.x?
> > In short, if someone were actively using version 3.x of mlpack, do you
> > know what they would need to change (if anything) to use the version 4.x?
> >
> The biggest change is that for development it became a header only
> library that requires C++14.  Had not realized non breaking changes
> should not be made, so the spec file is for version 4, but it does not
> build and so version 3.4.2 is still shipped.  Can revert changes in git
> history so that 3.4.2 is used, and update requirements on included stb
> header files if that is allowed.
>

If that is possible, and it fixes the CVE's, that would be best.

If you find that it isn't possible, or it doesn't fix the CVE's, then an
exception can be made.
Part of the exception process is to say what changes between the versions,
so people are prepared.
Having the list of things that change is also good when bugs get opened, we
can point them to that list.

Troy
___
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Re: Upgrade of mlpack in epel-7

2023-10-31 Thread Benson Muite

On 10/30/23 16:37, Troy Dawson wrote:
> On Sun, Oct 29, 2023 at 10:35 AM Benson Muite
> mailto:benson_mu...@emailplus.org>> wrote:
> 
> Would like to upgrade mlpack from 3.4.2 to 4.2.1
> Version 3 is no longer maintained, and there do not seem to be
> dependencies on mlpack, at least in Fedora. This is prompted by
> CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041
> https://src.fedoraproject.org/rpms/mlpack/pull-request/12
> 
> 
> 
> Since this is for a CVE, that is good.
> Also, it looks like nothing depends on it, so that also makes things easier.
> 
> Do you know of any features that were removed between version 3.x and 4.x?
> In short, if someone were actively using version 3.x of mlpack, do you
> know what they would need to change (if anything) to use the version 4.x?
> 
The biggest change is that for development it became a header only
library that requires C++14.  Had not realized non breaking changes
should not be made, so the spec file is for version 4, but it does not
build and so version 3.4.2 is still shipped.  Can revert changes in git
history so that 3.4.2 is used, and update requirements on included stb
header files if that is allowed.
> Troy
> 
> 
> ___
> epel-devel mailing list -- epel-devel@lists.fedoraproject.org
> To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
> Do not reply to spam, report it: 
> https://pagure.io/fedora-infrastructure/new_issue
___
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Re: Upgrade of mlpack in epel-7

2023-10-30 Thread Troy Dawson

On Sun, Oct 29, 2023 at 10:35 AM Benson Muite 
wrote:

> Would like to upgrade mlpack from 3.4.2 to 4.2.1
> Version 3 is no longer maintained, and there do not seem to be
> dependencies on mlpack, at least in Fedora. This is prompted by
> CVE-2021-28021, CVE-2021-42715, CVE-2021-42716, and CVE-2022-28041
> https://src.fedoraproject.org/rpms/mlpack/pull-request/12
>

Since this is for a CVE, that is good.
Also, it looks like nothing depends on it, so that also makes things easier.

Do you know of any features that were removed between version 3.x and 4.x?
In short, if someone were actively using version 3.x of mlpack, do you know
what they would need to change (if anything) to use the version 4.x?

Troy
___
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/epel-devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[EPEL-devel] Re: Upgrade of mlpack in epel-7

[EPEL-devel] Re: Upgrade of mlpack in epel-7

[EPEL-devel] Re: Upgrade of mlpack in epel-7

3 matches

Site Navigation

Mail list logo

Footer information