http://sabre.io/ is a library used in webapp (owncloud and horde)
History:
The libraries was first distributed in a pear channel: php-sabredav-Sabre php-sabredav-Sabre_CalDAV php-sabredav-Sabre_CardDAV php-sabredav-Sabre_DAV php-sabredav-Sabre_DAVACL php-sabredav-Sabre_HTTP * php-sabredav-Sabre_VObject
Upstream drop this pear channel (last version was 1.6) and now distribute this library only as a composer library. The packages were updated to 1.7 to match owncloud need.
Newer versions are available in separate packages, which allow parallel installation. php-sabre-dav php-sabre-event php-sabre-http php-sabre-vobject
Current version is 1.8 which is used by both Horde 5.2 and Owncloud 8.0
Context: Upstream only maintains version 2.x (see http://sabre.io/dav/install/) and upcoming owncloud 8.1 requires version 2.1, but horde still requires 1.8 (upstream is working on updating this component, but this is planed for next major version, at it will also imply to raise minimal PHP version to 5.4)
I don't think it make sense to maintain a parallel installation of an old unmaintained version, as this will expose it to our users, which seems a bad idea.
Horde_Dav is a fake pear package which only provide this library and which is maintained by Horde (big project, could rely on them for fixing security issue if needed)
Request: Allow a temporary exception to bundle sabre/dav in php-horde-Horde-Dav until version 2.x can be used.
This will allow to drop 1.7 and 1.8 from the repository and provide a maintained 2.x (for owncloud 8.1)
This seems well reasoned. +1.
We discussed this at this weeks meeting (http://meetbot.fedoraproject.org/fedora-meeting-1/2015-09-24/fpc.2015-09-24-16.00.txt):
Done in http://pkgs.fedoraproject.org/cgit/php-horde-Horde-Dav.git/commit/?id=202c89f46984bffb97ee879d72d9ab333aa79136
Metadata Update from @tibbs: - Issue assigned to james
Log in to comment on this ticket.