Actually, thinking about it some more, this could entirely be done in Orbit's CVS repo since upstream won't be changing. Roland, any issues with this approach?
-- Jeff J. On Fri, Sep 20, 2019 at 6:59 PM Jeff Johnston <[email protected]> wrote: > Hi Tony, > > See below. > > On Fri, Sep 20, 2019 at 5:16 PM Homer, Tony <[email protected]> wrote: > >> Thanks for responding Jeff. >> >> >> >> My main concern is that the current version of Spotify has dependencies >> with unmitigated CVEs. >> >> I’d like if Docker Tooling would use a version of Spotify without CVEs. >> > > Of course. Can you specify which dependencies and versions? > > I can fork both Spotify and Docker Tooling myself in order to get to >> compliance with my company’s software release policies, but I’d prefer to >> upstream changes if possible. >> >> Would you be willing to make a fork for Docker Tooling to use which I >> could upstream changes to? >> > > Yes, as mentioned in my previous note we can certainly do that for bug > fixes and patches are welcome. > > I’ll just be bumping dependency versions and fixing and making any >> related, required changes for compatibility. >> >> >> >> Also, will you be attending EclipseCon next month? >> > > Unfortunately, I am not attending this year, but Roland Grunberg will be > there and perhaps he can meet up with you and discuss. Roland is the > head of the Orbit project and also a fellow maintainer of the Docker > Tooling plug-ins. > > >> >> Tony >> >> >> >> *From: *<[email protected]> on behalf of Jeff Johnston < >> [email protected]> >> *Reply-To: *Linux Tools developer discussions <[email protected] >> > >> *Date: *Friday, September 20, 2019 at 12:57 PM >> *To: *Linux Tools developer discussions <[email protected]> >> *Subject: *Re: [linuxtools-dev] regarding the dependency on spotify >> docker client >> >> >> >> Hi Tony, >> >> >> >> Our current plan is to use the last release of Spotify Docker Client as >> long as possible as we currently do not have the cycles to replace it. >> >> We are certainly open to suggestions and patches. >> >> >> >> We have started looking at Podman but this is not a viable replacement >> for non-linux systems. >> >> >> >> We have in the past made patches to the upstream Spotify Docker Client >> and yes, we will need to create a fork for such future changes as needed >> but this will be >> >> focussed only on Docker Tooling maintenance and not assuming general >> ownership of the project. >> >> >> >> Regards, >> >> >> >> -- Jeff J. >> >> >> >> On Fri, Sep 20, 2019 at 2:31 PM Homer, Tony <[email protected]> wrote: >> >> Hi linuxtools-dev. >> >> >> >> Docker Tooling depends on Spotify Docker Client, which is no longer being >> maintained. >> >> I had posted an issue asking if there is a well-supported fork but have >> not gotten any responses: >> >> https://github.com/spotify/docker-client/issues/1166 >> >> >> >> What is the plan for addressing this? >> >> The options I can think of are to either replace Spotify with an actively >> maintained Java client or transition to a fork which is maintained by the >> Docker Tooling Team. >> >> >> >> Thanks for your attention! >> >> Tony Homer >> >> _______________________________________________ >> linuxtools-dev mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://www.eclipse.org/mailman/listinfo/linuxtools-dev >> >> _______________________________________________ >> linuxtools-dev mailing list >> [email protected] >> To change your delivery options, retrieve your password, or unsubscribe >> from this list, visit >> https://www.eclipse.org/mailman/listinfo/linuxtools-dev > >
_______________________________________________ linuxtools-dev mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/linuxtools-dev
