Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [linuxtools-dev] regarding the dependency on spotify docker client
Hi Tony,

See below.

On Fri, Sep 20, 2019 at 5:16 PM Homer, Tony <tony.homer@xxxxxxxxx> wrote:

Thanks for responding Jeff.

 

My main concern is that the current version of Spotify has dependencies with unmitigated CVEs.

I’d like if Docker Tooling would use a version of Spotify without CVEs.


Of course. Can you specify which dependencies and versions?

I can fork both Spotify and Docker Tooling myself in order to get to compliance with my company’s software release policies, but I’d prefer to upstream changes if possible.

Would you be willing to make a fork for Docker Tooling to use which I could upstream changes to?


Yes, as mentioned in my previous note we can certainly do that for bug fixes and patches are welcome.

I’ll just be bumping dependency versions and fixing and making any related, required changes for compatibility.

 

Also, will you be attending EclipseCon next month?


Unfortunately, I am not attending this year, but Roland Grunberg will be there and perhaps he can meet up with you and discuss.  Roland is the
head of the Orbit project and also a fellow maintainer of the Docker Tooling plug-ins.

 

Tony

 

From: <linuxtools-dev-bounces@xxxxxxxxxxx> on behalf of Jeff Johnston <jjohnstn@xxxxxxxxxx>
Reply-To: Linux Tools developer discussions <linuxtools-dev@xxxxxxxxxxx>
Date: Friday, September 20, 2019 at 12:57 PM
To: Linux Tools developer discussions <linuxtools-dev@xxxxxxxxxxx>
Subject: Re: [linuxtools-dev] regarding the dependency on spotify docker client

 

Hi Tony,

 

Our current plan is to use the last release of Spotify Docker Client as long as possible as we currently do not have the cycles to replace it.

We are certainly open to suggestions and patches.

 

We have started looking at Podman but this is not a viable replacement for non-linux systems.

 

We have in the past made patches to the upstream Spotify Docker Client and yes, we will need to create a fork for such future changes as needed but this will be

focussed only on Docker Tooling maintenance and not assuming general ownership of the project.

 

Regards,

 

-- Jeff J.

 

On Fri, Sep 20, 2019 at 2:31 PM Homer, Tony <tony.homer@xxxxxxxxx> wrote:

Hi linuxtools-dev.

 

Docker Tooling depends on Spotify Docker Client, which is no longer being maintained.

I had posted an issue asking if there is a well-supported fork but have not gotten any responses:

https://github.com/spotify/docker-client/issues/1166

 

What is the plan for addressing this?

The options I can think of are to either replace Spotify with an actively maintained Java client or transition to a fork which is maintained by the Docker Tooling Team.

 

Thanks for your attention!

Tony Homer

_______________________________________________
linuxtools-dev mailing list
linuxtools-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/linuxtools-dev

_______________________________________________
linuxtools-dev mailing list
linuxtools-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/linuxtools-dev

Back to the top