[CentOS-devel] A Big Idea for a New Decade [was: Minutes for CentOS Board of Directors 2019-12-18 Meeting]

On Tue, Jan 07, 2020 at 11:22:59AM -0500, Stephen John Smoogen wrote:
> > 6. For the love of all that is pink and fluffy, we need to update the
> > versions of third party packages we ship. If RHEL won't, CentOS should.
> > For instance, we still ship Jetty 9.2, which is EOL and not receiving
> > security updates. 9.3 is also EOL. 9.4 is quite stable at this point (as
> > they are about to go beta on 10.0), so we should be shipping 9.4.
[...]
> The true purpose of an enterprise software is to make sure that a site
> can run crufty old software which depends on some version of a library
> no longer supported by upstream beyond simple bug fixes. [I can say
> from experience that updating jetty will break all kinds of commercial
> payroll apps which expect X version]. In the end, enterprise software

What about providing an updated Jetty as an optional module in EPEL? I see
we have 9.4.24 in Fedora. This seems like a pretty good example of what I'm
saying about fast and slow streams -- we actually _have_ this in our
ecosystem already, just not in a consumable way. If it were in EPEL, RHEL or
CentOS users who want to strap a nitro-burning sidecar on their semi truck
for their use case could do so.

-- 
Matthew Miller
<mattdm at fedoraproject.org>
Fedora Project Leader