[Bug 2080872] Re: replace unmaintained http-parser dependency with llhttp
Utkarsh Gupta
2080872 at bugs.launchpad.net
Mon Sep 23 20:35:39 UTC 2024
There's no way you'd want to do that. YET. :)
See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081534.
> libgit2 in experimental has been switched from libhttp-parser-dev to
> libllhttp-dev which massively reduced installability of libgit2 because
> the latter has a transistive dependency on nodejs which has only
> limited platform support.
>
> Please switch libgit2 back to libhttp-parser-dev for architectures that
> don't build libllhttp-dev because they don't have support for nodejs.
Unless the security team is really willing to go down that path, this
can't happen yet. There's a lot that needs to happen before this can be
deemed doable & maintainable.
** Bug watch added: Debian Bug tracker #1081534
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081534
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libgit2 in Ubuntu.
https://bugs.launchpad.net/bugs/2080872
Title:
replace unmaintained http-parser dependency with llhttp
Status in libgit2 package in Ubuntu:
New
Bug description:
http-parser has been deprecated [0] for llhttp [1] in libgit2.
http-parser is unmaintained. There is nobody writing security patches
for http-parser. It should be removed as a libgit2 dependency and then
removed from the main archive.
Note http-parser's MIR clause [2]:
Security team propose a conditional ACK for promoting http-parser to main
upon Foundations team's acknowledgment of their commitment in assisting with
the development of security fixes, in the absence of upstream support, as
well as their responsibility to ask for demoting the pacakge in the future
once a suitable alternative is identified and deemed feasible.
[0] https://github.com/libgit2/libgit2/issues/6074
[1] https://github.com/libgit2/libgit2/pull/6713
[2] https://bugs.launchpad.net/ubuntu/+source/http-parser/+bug/1990655/comments/14
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libgit2/+bug/2080872/+subscriptions
More information about the foundations-bugs
mailing list