Public bug reported: http-parser has been deprecated [0] for llhttp [1] in libgit2.
http-parser is unmaintained. There is nobody writing security patches for http-parser. It should be removed as a libgit2 dependency and then removed from the main archive. Note http-parser's MIR clause [2]: Security team propose a conditional ACK for promoting http-parser to main upon Foundations team's acknowledgment of their commitment in assisting with the development of security fixes, in the absence of upstream support, as well as their responsibility to ask for demoting the pacakge in the future once a suitable alternative is identified and deemed feasible. [0] https://github.com/libgit2/libgit2/issues/6074 [1] https://github.com/libgit2/libgit2/pull/6713 [2] https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1990655/comments/14 ** Affects: libgit2 (Ubuntu) Importance: Undecided Status: New ** Description changed: http-parser has been deprecated [0] for llhttp [1] in libgit2. http-parser is unmaintained. There is nobody writing security patches for http-parser. It should be removed as a libgit2 dependency and then removed from the main archive. - Note htt-parser's MIR clause [2]: + Note http-parser's MIR clause [2]: - Security team propose a conditional ACK for promoting http-parser to main - upon Foundations team's acknowledgment of their commitment in assisting with - the development of security fixes, in the absence of upstream support, as - well as their responsibility to ask for demoting the pacakge in the future - once a suitable alternative is identified and deemed feasible. + Security team propose a conditional ACK for promoting http-parser to main + upon Foundations team's acknowledgment of their commitment in assisting with + the development of security fixes, in the absence of upstream support, as + well as their responsibility to ask for demoting the pacakge in the future + once a suitable alternative is identified and deemed feasible. [0] https://github.com/libgit2/libgit2/issues/6074 [1] https://github.com/libgit2/libgit2/pull/6713 [2] https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1990655/comments/14 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2080872 Title: replace unmaintained http-parser dependency with llhttp To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libgit2/+bug/2080872/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
