[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [linuxtools-dev] regarding the dependency on spotify docker client
|
I will open a change request to update Spotify Docker Client in Orbit to fix CVEs ASAP.
I'll add both Roland and Jeff to the CR as reviewers.
On 9/23/19 , 6:51 AM, "linuxtools-dev-bounces@xxxxxxxxxxx on behalf of Roland Grunberg" <linuxtools-dev-bounces@xxxxxxxxxxx on behalf of rgrunber@xxxxxxxxxx> wrote:
On Sat, 2019-09-21 at 09:49 -0400, Jeff Johnston wrote:
> Actually, thinking about it some more, this could entirely be done in Orbit's CVS repo since upstream won't be
> changing. Roland, any issues with this approach?
This is already happening in Orbit. For example, the update of the
Jackson stack from 2.9.2 -> 2.9.9. Our target platform just needs an
update to use those and to ensure the plugin works as expected.
I would not look at the pure upstream pom dependencies of docker-client
as we don't use them as Jeff has pointed out. If you install the Docker
Tooling, you can look through the plugins/ folder to get a sense of the
versions and bundles used.
If the current state of dependencies has issues (CVEs) and a fixed
version is not in Orbit, then the bugs should be filed against Orbit.
Cheers,
--
Roland Grunberg
_______________________________________________
linuxtools-dev mailing list
linuxtools-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/linuxtools-dev