[Pkg-javascript-devel] V8 depends from outdated and unmaintained libv8 with security issues

Jérémy Lal kapouer at melix.org
Tue Jan 29 18:55:37 GMT 2019


On Tue, 29 Jan 2019 at 19:41, Jeroen Ooms <jeroen at berkeley.edu> wrote:

> Is there another version of libv8 available on Debian? I'm willing to
> try to port it to a newer version of V8. The issue with libv8 has
> always been that Google refuses to define a stable API, and they do a
> new release every day (no joke). So it's very hard to program against
> that.
>
> That said, Fedora is now shipping v8 6.7.17
> https://apps.fedoraproject.org/packages/v8 (in addition to
> https://apps.fedoraproject.org/packages/v8-314). So if Debian would
> ship a version of V8 with a similar version, I will try to update the
> R package to support this API.
>

Please read the full bug report, and TL;DR:
the best thing to do, which I don't do because I lack time, is to package the
v8 version that is in nodejs (10.15 at the moment, soon in testing).

It will profit from the hard work upstream nodejs does to keep
ABI-compatibility across nodejs versions, with the bonus of having
security fixes backported.

Jérémy
