TLDR: I was wondering if I could propose a (semi) official effort to do a patch release in the 3.14 branch. I know, legacy maintenance is not exciting but it would be incredibly helpful for the many users/projects/distributions relying on this version for their tools/infrastructure.

A starting point based off v3.14.5.10 with 25 additional patches (as collected by Tom Callaway; see below) is available from: https://github.com/v8-314/v8/commits/3.14

It would be fantastic if this could be reviewed by someone familiar with the v8 codebase, and perhaps adopted in some form or another in the main repository.

Background:

We are aware that the priority of V8 is to move Chromium forward and there is no official 'stable' API. But for many other applications, bundling libv8 sources is not an option.

I personally maintain V8 bindings for the R programming language. These are in use by many statisticians, scientists, and ecologists (5k+ downloads per month from the main mirror alone) who have developed an infrastructure on top of this for e.g. working with GeoJSON data. For license and portability reasons, we cannot bundle libv8 and instead need to dynamically link to libv8 on the system.

Because R packages are supposed to work across platforms, we rely on some sort of consensus between distributions on the API version. For years, the de facto stable API has been the 3.14 / 3.15 branch which is provided by all major distributions:

- https://aur.archlinux.org/packages/v8-3.14
- https://packages.debian.org/sid/libv8-3.14.5
- http://packages.ubuntu.com/xenial/libv8-3.14-dev
- https://apps.fedoraproject.org/packages/v8-devel
- https://www.opencsw.org/packages/CSWlibv8-dev
- https://github.com/Homebrew/homebrew-versions/blob/master/v8-315.rb

Therefore applications and bindings typically target this version of the API. Distributions want to keep providing this version (possibly in addition to libv8 v4 or v5) to prevent everything downstream from breaking down with a forced upgrade.

However, the latest release in 3.14 is about 3 years old, forcing maintainers to start manually patching CVEs and compiler problems. This fragmentation of efforts is unfortunate and probably unsustainable.

It would be super nice if the V8 team would be willing to help out with an official patch release in the 3.14 branch to get everyone on the same page and keep all those tools working a bit longer.

Tom Callaway from Red Hat has recently done a great job of collecting 25 important patches for a new 'v8-314' package in Fedora/EPEL. These include fixes for CVEs, gcc5 and MIPS/PowerPC.

https://bugzilla.redhat.com/show_bug.cgi?id=1344415

Patches with comments and building steps are available from his spec/rpm file.

https://spot.fedorapeople.org/v8-314.spec
https://spot.fedorapeople.org/v8-314-3.14.5.10-1.fc24.src.rpm

For those unfamiliar with rpm, exactly the same patches have been applied in the same order in the GitHub repository linked above.

It would be really great if we could take some of this effort upstream so that all distributions can sync with the official 3.14 branch.

Thank you!

Jeroen Ooms
UCLA / UC Berkeley
