On Tue, Jan 07, 2020 at 11:22:59AM -0500, Stephen John Smoogen wrote: > > 6. For the love of all that is pink and fluffy, we need to update the > > versions of third party packages we ship. If RHEL won't, CentOS should. > > For instance, we still ship Jetty 9.2, which is EOL and not receiving > > security updates. 9.3 is also EOL. 9.4 is quite stable at this point (as > > they are about to go beta on 10.0), so we should be shipping 9.4. [...] > The true purpose of an enterprise software is to make sure that a site > can run crufty old software which depends on some version of a library > no longer supported by upstream beyond simple bug fixes. [I can say > from experience that updating jetty will break all kinds of commercial > payroll apps which expect X version]. In the end, enterprise software What about providing an updated Jetty as an optional module in EPEL? I see we have 9.4.24 in Fedora. This seems like a pretty good example of what I'm saying about fast and slow streams -- we actually _have_ this in our ecosystem already, just not in a consumable way. If it were in EPEL, RHEL or CentOS users who want to strap a nitro-burning sidecar on their semi truck for their use case could do so. -- Matthew Miller <mattdm at fedoraproject.org> Fedora Project Leader