#571 sabre/dav bundle exception in Horde
Closed: Fixed None Opened 6 years ago by remi.

http://sabre.io/ is a library used in webapp (owncloud and horde)


The libraries was first distributed in a pear channel:
* php-sabredav-Sabre_VObject

Upstream drop this pear channel (last version was 1.6) and now distribute this library only as a composer library. The packages were updated to 1.7 to match owncloud need.

Newer versions are available in separate packages, which allow parallel installation.

Current version is 1.8 which is used by both Horde 5.2 and Owncloud 8.0

Upstream only maintains version 2.x (see http://sabre.io/dav/install/) and upcoming owncloud 8.1 requires version 2.1, but horde still requires 1.8 (upstream is working on updating this component, but this is planed for next major version, at it will also imply to raise minimal PHP version to 5.4)

I don't think it make sense to maintain a parallel installation of an old unmaintained version, as this will expose it to our users, which seems a bad idea.

Horde_Dav is a fake pear package which only provide this library and which is maintained by Horde (big project, could rely on them for fixing security issue if needed)

Allow a temporary exception to bundle sabre/dav in php-horde-Horde-Dav until version 2.x can be used.

This will allow to drop 1.7 and 1.8 from the repository and provide a maintained 2.x (for owncloud 8.1)

This seems well reasoned. +1.

We discussed this at this weeks meeting (http://meetbot.fedoraproject.org/fedora-meeting-1/2015-09-24/fpc.2015-09-24-16.00.txt):

  • 571 sabre/dav bundle exception in Horde (geppetto, 16:43:22)

  • LINK: https://fedorahosted.org/fpc/ticket/571 (geppetto, 16:43:23)
  • ACTION: Temporary bundling exception for sabre/dav in
    php-horde-Horde-Dav until version 2.x can be used. (+5, 0:0, -1:0)
    (geppetto, 16:51:37)

Metadata Update from @tibbs:
- Issue assigned to james

5 years ago

Login to comment on this ticket.