Do we need to continue shipping juju-mongo-tools3.2 in bionic? Do we need to continue shipping juju-mongodb3.2 in bionic?
Are you aware that juju-mongodb3.2, has JS engine turned off, and is thus more secure than the monogdb source, which has JS engine compiled in - and thus has all the security vulnerabilities of a full web-browser more or less? Please note the JS engine in src:mongodb does not receive security vulnerabilities patches. Don't you instead want a mongodb 3.4, compiled in a similar fashion as the juju-mongodb3.2 package (wihtout js), avoiding forking the current packaging of src:mongodb? With the intention that juju-mongodb3.4 is short-lived, until the daemon moves off using in-archive version. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1756432 Title: [FFe] Split out mongodb-server-core To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/mongodb/+bug/1756432/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
