Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [linuxtools-dev] regarding the dependency on spotify docker client

I will open a change request to update Spotify Docker Client in Orbit to fix CVEs ASAP.
I'll add both Roland and Jeff to the CR as reviewers.

´╗┐On 9/23/19 , 6:51 AM, "linuxtools-dev-bounces@xxxxxxxxxxx on behalf of Roland Grunberg" <linuxtools-dev-bounces@xxxxxxxxxxx on behalf of rgrunber@xxxxxxxxxx> wrote:

    On Sat, 2019-09-21 at 09:49 -0400, Jeff Johnston wrote:
    > Actually, thinking about it some more, this could entirely be done in Orbit's CVS repo since upstream won't be
    > changing.  Roland, any issues with this approach?
    
    This is already happening in Orbit. For example, the update of the
    Jackson stack from 2.9.2 -> 2.9.9. Our target platform just needs an
    update to use those and to ensure the plugin works as expected.
    
    I would not look at the pure upstream pom dependencies of docker-client 
    as we don't use them as Jeff has pointed out. If you install the Docker
    Tooling, you can look through the plugins/ folder to get a sense of the
    versions and bundles used. 
    
    If the current state of dependencies has issues (CVEs) and a fixed
    version is not in Orbit, then the bugs should be filed against Orbit.
    
    Cheers,
    -- 
    Roland Grunberg
    
    _______________________________________________
    linuxtools-dev mailing list
    linuxtools-dev@xxxxxxxxxxx
    To change your delivery options, retrieve your password, or unsubscribe from this list, visit
    https://www.eclipse.org/mailman/listinfo/linuxtools-dev
    


Back to the top