Hi, > Package: mozjs17 > Severity: serious > > This package forks a local copy of the Iceweasel Javascript engine which is > no longer supported with security updates (currently only the ESR24 series > is maintained)
Out of curiosity, why is this a RC bug when there seems to be no issues from the security team with regards to src:mozjs (which is even older, based on Firefox 4 code AFAIU, and is currently in stable)? > Why do we need a copy of the old version anyway? What are the expected > applications > using it and why can't they be migrated to the mozjs provided by the iceweasel source package. The following packages are currently depending against libmozjs185-1.0: 0ad cinnamon couchdb dehydra gnome-shell libgjs0b libgjs0c libmozjs185-dev libpeas-1.0-0 mediatomb-common oolite policykit-1 (taken from mozjs17's ITP bug report, #709434) GNOME Shell stands out in that list above as a major package that depends on mozjs/Spidermonkey. I myself am maintainer for 0ad, hence why I'm interested in this bug report as well. My understanding is that Spidermonkey, as a standalone release (snapshot?) of FF's javascript engine, is meant to be embedded in applications that use it. I can't answer for all the packages above, but I know that 0ad requires a very specific version of Spidermonkey, and that transitioning between different releases seems to be rather painful for upstream. I guess one possible way to deal with this is to dump mozjs and mozjs17 (and future Spidermonkey releases) in the same category as webkit, i.e. unsupported by the security team? Regards, Vincent -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
