On Wed, Aug 24, 2022, at 11:56, Kevin Kofler via devel wrote:
> That was exactly my point though. If nobody finds CVEs, then nobody has to
> fix them. We can only fix what we know about, and blackhats can only attack
> what they know about.
The fact that there are no new CVEs (and therefore
On 8/24/22 05:56, Kevin Kofler via devel wrote:
> Daniel P. Berrangé wrote:
>> pcre will also have a drop in found CVEs simply because far fewer people
>> will be bothering to look at the old code. If no one is looking for bugs
>> then none are going to be reported :-)
>
> That was exactly my
Lukas Javorsky wrote:
> Anyway, the main idea behind this change is to prevent any new packages
> coming to Fedora 38 to require the old pcre package and forward them to
> use the newer version of it *pcre2*.
As I have stated several times, I do not see this process as a productive or
useful
Daniel P. Berrangé wrote:
> pcre will also have a drop in found CVEs simply because far fewer people
> will be bothering to look at the old code. If no one is looking for bugs
> then none are going to be reported :-)
That was exactly my point though. If nobody finds CVEs, then nobody has to
fix
Thank you for all of your feedback.
As Zbyszek mentioned, this change is only about the *deprecation*, not the
*retirement*.
This means that if the pcre is deprecated, no new package will be allowed
to require it. Also, it would mean that all of the existing packages will
be notified about this
On Wed, Aug 24, 2022 at 05:14:33AM +0200, Kevin Kofler via devel wrote:
> Ben Cotton wrote:
> > == Summary ==
> > Upstream stopped the support for the old 'pcre' package. It only
> > supports the new 'pcre2' version, so Fedora should deprecate it so it
> > could later be retired and removed from
On Tue, Aug 23, 2022 at 03:42:30PM -0400, Ben Cotton wrote:
> https://fedoraproject.org/wiki/PcreDeprecation
>
> This document represents a proposed Change. As part of the Changes
> process, proposals are publicly announced in order to receive
> community feedback. This proposal will only be
On Wed, Aug 24, 2022 at 05:14:33AM +0200, Kevin Kofler via devel wrote:
> Ben Cotton wrote:
> > == Summary ==
> > Upstream stopped the support for the old 'pcre' package. It only
> > supports the new 'pcre2' version, so Fedora should deprecate it so it
> > could later be retired and removed from
On Wed, Aug 24, 2022 at 3:14 AM Kevin Kofler via devel
wrote:
...
> This is simply a non-starter.
...
> PCRE 1 needs to remain as a fully supported compatibility library for the
> foreseeable future.
...
> In the end, my suggestion if you are unable to deal with the security
> vulnerabilities is
Ben Cotton wrote:
> == Summary ==
> Upstream stopped the support for the old 'pcre' package. It only
> supports the new 'pcre2' version, so Fedora should deprecate it so it
> could later be retired and removed from Fedora entirely.
>
> == Owner ==
> * Name: [[User:ljavorsk| Lukas Javorsky]]
> *
https://fedoraproject.org/wiki/PcreDeprecation
This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.
==
https://fedoraproject.org/wiki/PcreDeprecation
This document represents a proposed Change. As part of the Changes
process, proposals are publicly announced in order to receive
community feedback. This proposal will only be implemented if approved
by the Fedora Engineering Steering Committee.
==
12 matches
Mail list logo