SSLv3 disabled in node v0.10.33
by T.C. Hollingsworth
Upstream disabled SSLv3 in v0.10.33. I've been putting off dealing
with it because I've been very busy, but I already got a request to do
the same in EPEL [1].
I was leaning toward not disabling it in <F20 and EPEL, since we
typically don't do that sort of thing in stable releases. But it
could get very confusing if upstream has disabled SSLv3 and we're
shipping versions that claim to have it disabled. So I guess stable
releases will be stuck at 0.10.32 + backports from future stable
releases forever. Unless I'm being too pedantic and should just push
the new upstream release unmodified?
However, I think it's still early enough to do this for F21 at least
so that's not stuck with the same issue forever. So unless anyone
objects, I'm going to push an update in the next couple days and get
it submitted before Final Freeze.
Thanks!
-T.C.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1161900
9 years, 5 months
Mixed case module names
by Tom Hughes
I'm working on a review (BZ#1086245) for nodejs-jsonstream.
Now the interesting thing is that the module it is packaging is actually
called JSONStream in the npm registry and there is in fact a separate
jsonstream module.
The general naming rules say that "You should generally use lowercase"
but I guess this is a case where the node naming rules should take
precedence, especially given that there is a conflict and we may need
have both at some point?
Tom
--
Tom Hughes (tom(a)compton.nu)
http://compton.nu/
9 years, 5 months
