On Tue, Jan 07, 2020 at 11:22:59AM -0500, Stephen John Smoogen wrote:
- For the love of all that is pink and fluffy, we need to update the versions of third party packages we ship. If RHEL won't, CentOS should. For instance, we still ship Jetty 9.2, which is EOL and not receiving security updates. 9.3 is also EOL. 9.4 is quite stable at this point (as they are about to go beta on 10.0), so we should be shipping 9.4.
[...]
The true purpose of enterprise software is to make sure that a site can run crufty old software which depends on some version of a library no longer supported by upstream beyond simple bug fixes. [I can say from experience that updating Jetty will break all kinds of commercial payroll apps which expect X version]. In the end, enterprise software
What about providing an updated Jetty as an optional module in EPEL? I see we have 9.4.24 in Fedora. This seems like a pretty good example of what I'm saying about fast and slow streams -- we actually _have_ this in our ecosystem already, just not in a consumable way. If it were in EPEL, RHEL or CentOS users who want to strap a nitro-burning sidecar on their semi truck for their use case could do so.