I've been maintainer of the yajl package in Fedora forever, as it was
a dep of libvirt.
yajl upstream has been dead since 2015, so the current release tarball
has multiple CVEs, which I've patched downstream by grabbing patches
from github issue comments from third parties or other distros [1].
In the libvirt 10.8.0 release that just hit rawhide, we've switched to
using json-c instead. Aside from libvirt in stable Fedora release
branches, there are a few other packages in Fedora still using
yajl that I see:
Io-language
collectd
crun
grive2
i3
i3-gaps
i3status
libmodsecurity
mod_security
raptor2
xen
If anyone is cares about the above packages enough to want to take
over ownership of 'yajl', either now or in future, please let me
know.
I'm willing to keep ownership of yajl until the Fedora 41 branch goes
end of life, at which point no version of libvirt will still use it
If no new volunteer has stepped forward by then I'll be orphaning
yajl.
If you are the Fedora maintainer of any of the above packages, I'd
strongly recommend talking to their respective upstream about switching
JSON library to json-c instead of yajl, to avoid being stuck using a
dead project forever.
With regards,
Daniel
[1] I collect patches in src-git at
https://github.com/berrange/yajl/tree/fedora-dist-git
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
--
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
