[Bug 1078718] New: Deleting Zend Framework from Factory - openSUSE Bugs - openSUSE Mailing Lists

newer
[Bug 1082532] New: record...

[Bug 1078718] New: Deleting Zend Framework from Factory

older
[Bug 1083848] New: RPI3 After...

bugzilla_noreply＠novell.com

1 Feb 2018 1 Feb '18

09:13

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 Bug ID: 1078718 Summary: Deleting Zend Framework from Factory Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: kbabioch@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- openSUSE:Factory and hence openSUSE:Leap:15.0 still contain very old versions of Zend Framework (1.12.20, php7-ZendFramework). These are no longer maintained upstream since Sep 2016. There are open issues for Zend Framework (see #1017629 #1044027 #1052785) with security implications. It is not even clear whether the old 1.12.x branch is actually affected by the 2.2.x. Is anyone interested in bumping the version to the 3.x branch? Otherwise I would submit a deletion request, since upstream seems to be rather dead anyway (last release in 2016, no active development going on) and there are no dependencies on it. -- You are receiving this mail because: You are on the CC list for the bug.

Attachments:

attachment.htm (text/html — 2.7 KB)

Reply

Sign in to reply online Use email software

Show replies by date

bugzilla_noreply＠novell.com

1 Feb 1 Feb

09:14

New subject: [Bug 1078718] Deleting Zend Framework from Factory

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 Karol Babioch changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aj@ajaissle.de, | |alar.sing@err.ee, | |asemen@suse.com, | |broedel@b1-systems.de, | |chris@computersalat.de, | |crrodriguez@opensuse.org, | |jweberhofer@weberhofer.at, | |kbabioch@suse.com, | |lang@b1-systems.de, | |lars.vogdt@suse.com, | |nix@opensuse.org, | |opensuse@dstoecker.de, | |poeml@cmdline.net, | |robert.munteanu@gmail.com, | |suse-tux@gmx.de -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

09:15

New subject: [Bug 1078718] Deleting Zend Framework from Factory

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |astieger@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

09:15

New subject: [Bug 1078718] Deleting Zend Framework from Factory

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c1 --- Comment #1 from Karol Babioch --- Bug 1017629 https://bugzilla.opensuse.org/show_bug.cgi?id=1017629 Bug 1044027 https://bugzilla.opensuse.org/show_bug.cgi?id=1044027 Bug 1052785 https://bugzilla.opensuse.org/show_bug.cgi?id=1052785 -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

11:15

New subject: [Bug 1078718] Deleting Zend Framework from Factory

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c2 --- Comment #2 from Johannes Weberhofer --- Karol, I fully support removing the package. It was requested by maintainers of nagvis. Nagvis should migrate to a newer version then we could remove that package. Maintainers are @ecsos and @lrupp. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

11:15

New subject: [Bug 1078718] Deleting Zend Framework from Factory

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 Johannes Weberhofer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ecsos@schirra.net -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

11:55

New subject: [Bug 1078718] Deleting Zend Framework from Factory

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c3 --- Comment #3 from Eric Schirra --- (In reply to Johannes Weberhofer from comment #2)

Karol, I fully support removing the package. It was requested by maintainers of nagvis. Nagvis should migrate to a newer version then we could remove that package. Maintainers are @ecsos and @lrupp.

nagvis is needed for some other applications. Nagios or icingaweb2-module. But i'm not shure if we can remove zendframework. And i have no no change to test it at the moment. Lars, can you do that? Bumping to version 3 was very nice. :-) -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

1 Mar 1 Mar

09:06

New subject: [Bug 1078718] Deleting Zend Framework from Factory

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c4 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |IN_PROGRESS --- Comment #4 from Andreas Stieger --- delete request sent for Leap 15.0 and Factory. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

10:12

New subject: [Bug 1078718] Deleting Zend Framework from Factory

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c5 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |CONFIRMED --- Comment #5 from Andreas Stieger --- Eric, security team would like to absolutely clear: We need php7-ZendFramework to have a maintainer AND be on a current version with the issues fixed, or we drop it. You write in the DRs:

It's need for icingaweb2-module-nagvis

I do not see icingaweb2-module-nagvism in the distribution. Where is it? -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

13:46

New subject: [Bug 1078718] Deleting Zend Framework from Factory

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c6 --- Comment #6 from Eric Schirra --- Deletions are approved. -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

bugzilla_noreply＠novell.com

4 Mar 4 Mar

12:49

New subject: [Bug 1078718] Deleting Zend Framework from Factory

http://bugzilla.opensuse.org/show_bug.cgi?id=1078718 http://bugzilla.opensuse.org/show_bug.cgi?id=1078718#c7 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #7 from Andreas Stieger --- removed from Factory -- You are receiving this mail because: You are on the CC list for the bug.

Reply

Sign in to reply online Use email software

2255

Age (days ago)

2286

Last active (days ago)

Download

10 comments

1 participants

tags

participants (1)

bugzilla_noreply＠novell.com