[Pkg-javascript-devel] Bug#1086740: lintian: [lintian] Please warn about obsolete twitter-bootstrap{3, 4} {, build}-dependencies

Santiago Ruano Rincón santiagorr at riseup.net
Tue Nov 5 04:58:48 GMT 2024


Source: lintian
Version: 2.120.0
Severity: wishlist
X-Debbugs-Cc: Debian Pan Maintainers <pkg-javascript-devel at alioth-lists.debian.net>, Yadd <yadd at debian.org>, Daniel Baumann <daniel.baumann at progress-linux.org>

Dear lintian maintainers,

I would like to request a lintian tag to make package maintainers aware
of the obsolescence of twitter-bootstrap3 and twitter-bootstrap4.
These two packages are EOL'ed upstream, there are a couple of CVE open
for them, and upstream is not publicly proposing fixes.
I agree with the comment by Moritz
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084059#5) that
packages should move their dependencies to boostrap 5
(src:bootstrap-html), which is the current version supported upstream.

AFAIU, bootstrap 5 is not just a drop-in replacement, and so there is
work on the upstream side. To guide package maintainers and upstream
developers, lintian could include the following links in the tag info:

https://getbootstrap.com/docs/5.3/migration/
https://getbootstrap.com/docs/4.6/migration/

I am planing to discuss a mass-bug-filling in debian-devel too, but a
lintian tag would help anyway, especially for packages adding a new
dependency on the two old bootstrap versions.

Any thoughts?

Cheers,

 -- Santiago
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-javascript-devel/attachments/20241105/59471096/attachment.sig>


More information about the Pkg-javascript-devel mailing list