Source: lintian Version: 2.120.0 Severity: wishlist X-Debbugs-Cc: Debian Pan Maintainers <pkg-javascript-devel@alioth-lists.debian.net>, Yadd <y...@debian.org>, Daniel Baumann <daniel.baum...@progress-linux.org>
Dear lintian maintainers, I would like to request a lintian tag to make package maintainers aware of the obsolescence of twitter-bootstrap3 and twitter-bootstrap4. These two packages are EOL'ed upstream, there are a couple of CVE open for them, and upstream is not publicly proposing fixes. I agree with the comment by Moritz (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084059#5) that packages should move their dependencies to boostrap 5 (src:bootstrap-html), which is the current version supported upstream. AFAIU, bootstrap 5 is not just a drop-in replacement, and so there is work on the upstream side. To guide package maintainers and upstream developers, lintian could include the following links in the tag info: https://getbootstrap.com/docs/5.3/migration/ https://getbootstrap.com/docs/4.6/migration/ I am planing to discuss a mass-bug-filling in debian-devel too, but a lintian tag would help anyway, especially for packages adding a new dependency on the two old bootstrap versions. Any thoughts? Cheers, -- Santiago
signature.asc
Description: PGP signature
-- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
