Hi Tony, See below.
On Fri, Sep 20, 2019 at 5:16 PM Homer, Tony <tony.ho...@intel.com> wrote: > Thanks for responding Jeff. > > > > My main concern is that the current version of Spotify has dependencies > with unmitigated CVEs. > > I’d like if Docker Tooling would use a version of Spotify without CVEs. > Of course. Can you specify which dependencies and versions? I can fork both Spotify and Docker Tooling myself in order to get to > compliance with my company’s software release policies, but I’d prefer to > upstream changes if possible. > > Would you be willing to make a fork for Docker Tooling to use which I > could upstream changes to? > Yes, as mentioned in my previous note we can certainly do that for bug fixes and patches are welcome. I’ll just be bumping dependency versions and fixing and making any related, > required changes for compatibility. > > > > Also, will you be attending EclipseCon next month? > Unfortunately, I am not attending this year, but Roland Grunberg will be there and perhaps he can meet up with you and discuss. Roland is the head of the Orbit project and also a fellow maintainer of the Docker Tooling plug-ins. > > Tony > > > > *From: *<linuxtools-dev-boun...@eclipse.org> on behalf of Jeff Johnston < > jjohn...@redhat.com> > *Reply-To: *Linux Tools developer discussions <linuxtools-dev@eclipse.org> > *Date: *Friday, September 20, 2019 at 12:57 PM > *To: *Linux Tools developer discussions <linuxtools-dev@eclipse.org> > *Subject: *Re: [linuxtools-dev] regarding the dependency on spotify > docker client > > > > Hi Tony, > > > > Our current plan is to use the last release of Spotify Docker Client as > long as possible as we currently do not have the cycles to replace it. > > We are certainly open to suggestions and patches. > > > > We have started looking at Podman but this is not a viable replacement for > non-linux systems. > > > > We have in the past made patches to the upstream Spotify Docker Client and > yes, we will need to create a fork for such future changes as needed but > this will be > > focussed only on Docker Tooling maintenance and not assuming general > ownership of the project. > > > > Regards, > > > > -- Jeff J. > > > > On Fri, Sep 20, 2019 at 2:31 PM Homer, Tony <tony.ho...@intel.com> wrote: > > Hi linuxtools-dev. > > > > Docker Tooling depends on Spotify Docker Client, which is no longer being > maintained. > > I had posted an issue asking if there is a well-supported fork but have > not gotten any responses: > > https://github.com/spotify/docker-client/issues/1166 > > > > What is the plan for addressing this? > > The options I can think of are to either replace Spotify with an actively > maintained Java client or transition to a fork which is maintained by the > Docker Tooling Team. > > > > Thanks for your attention! > > Tony Homer > > _______________________________________________ > linuxtools-dev mailing list > linuxtools-dev@eclipse.org > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/linuxtools-dev > > _______________________________________________ > linuxtools-dev mailing list > linuxtools-dev@eclipse.org > To change your delivery options, retrieve your password, or unsubscribe > from this list, visit > https://www.eclipse.org/mailman/listinfo/linuxtools-dev
_______________________________________________ linuxtools-dev mailing list linuxtools-dev@eclipse.org To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/linuxtools-dev
