On Wed, Jun 29, 2022 at 11:49:51PM +0530, Vipul Siddharth wrote: > Fedora 37 as a compatibility library. Because libsoup is a sensitive > network-facing HTTP library written in an unsafe language and where > CVEs may have disastrous impact, it is not safe to leave libsoup 2 > hanging around indefinitely, but we are not yet ready to remove it > altogether. We will propose removing libsoup 2 (and all applications > and libraries that still depend on it) for Fedora 39 in a separate > change proposal.
Why are we using a "network-facing HTTP library written in an unsafe language"? Shouldn't we take this opportunity to move to a safer HTTP library? Or is libsoup 3 safe(r) than libsoup 2? _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
