On Mon, Dec 9, 2024 at 9:30 AM Stephen Gallagher <sgall...@redhat.com> wrote: > > On Sat, Dec 7, 2024 at 12:21 PM Carlos Rodriguez-Fernandez > <carlosrodrifernan...@gmail.com> wrote: > > > > I took sparse, and http-parser. > > > > http-parser in particular is a dead project upstream. However, there is a > > good set of packages depending on it. There are also past contributors. If > > any of the past contributors want to take it please let me know, I'll be > > happy to hand it over: dck, mrunge, orphan, patches, sgallagh, vascom. > > > > I actually thought I'd removed myself from that package; I've migrated > all of the packages I used to maintain with http-parser over to the > (supported) llhttp package. > > The upstream is very dead and it's been strongly implied to me that > there are very likely to be security issues with it. I'd argue that we > need to remove it from the distribution entirely and either fix or > retire the remaining packages depending on it: > > * AusweisApp2-0:2.2.1-1.fc41.x86_64 > * AusweisApp2-0:2.2.2-2.fc41.x86_64 > - Upstream still relies on http-parser and needs to be contacted to > migrate to a maintained parser. > > * flamethrower-0:0.11.0-28.fc41.x86_64 > - This is actually carrying a Fedora-specific patch to use http-parser > instead of upstream's private fork (called url_parser). Given that > both of them are effectively unmaintained, I think we want to drop our > patch and follow upstream (and contact them about switching to a > maintained parser) > > * http-parser-devel-0:2.9.4-12.fc41.i686 > * http-parser-devel-0:2.9.4-12.fc41.x86_64 > - Part of http-parser itself and will be removed if we drop it. > > * jabberd-0:2.6.1-28.fc41.x86_64 > - This package is also dead upstream since 2019 and should be dropped > from Fedora. > > * python3-httptools-0:0.6.0-6.fc41.x86_64 > - Latest versions have been converted to llhttp > > * slurm-slurmrestd-0:24.05.2-1.fc41.x86_64 > - Upstream is still bound to http-parser, but only for one optional > component: slurmrestd. We could stop providing this daemon in Fedora > and communicate to upstream that they need to update to a maintained > parser.
Sorry for the re-send; used the wrong format for emailing the individual maintainers. -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
