[Pkg-javascript-devel] Concerns about infrastructure for Alioth replacement
Paul Wise
pabs at debian.org
Thu Oct 19 08:48:31 UTC 2017
On Wed, Oct 18, 2017 at 2:13 PM, Alexander Wirt wrote:
> Please don't get me wrong, but even if gitlab packages are recent tomorrow (which I
> don't think) we won't migrate. The work is done and we have all the things in
> place to maintain them. So please do me a favour and don't mention alioth as
> the reason.
I note that the Debian security team doesn't support libv8, nodejs and
the stack above it.
https://sources.debian.net/src/debian-security-support/2017.06.02/security-support-limited/#L14
In my experience the JavaScript team doesn't appear to be following
the nodesecurity.io security advisories.
https://nodesecurity.io/advisories
What is your plan for avoiding the security issues discovered in
libv8/nodejs and gitlab-related node modules?
--
bye,
pabs
https://wiki.debian.org/PaulWise
More information about the Pkg-javascript-devel
mailing list