Do we need to continue shipping juju-mongo-tools3.2 in bionic?
Do we need to continue shipping juju-mongodb3.2 in bionic?
Are you aware that juju-mongodb3.2, has JS engine turned off, and is thus more secure than the monogdb source, which has JS engine compiled in - and thus has all the security vulnerabilities of a full web-browser more or less?
Please note the JS engine in src:mongodb does not receive security vulnerabilities patches.
Don't you instead want a mongodb 3.4, compiled in a similar fashion as the juju-mongodb3.2 package (wihtout js), avoiding forking the current packaging of src:mongodb?
With the intention that juju-mongodb3.4 is short-lived, until the daemon moves off using in-archive version.
Do we need to continue shipping juju-mongo-tools3.2 in bionic?
Do we need to continue shipping juju-mongodb3.2 in bionic?
Are you aware that juju-mongodb3.2, has JS engine turned off, and is thus more secure than the monogdb source, which has JS engine compiled in - and thus has all the security vulnerabilities of a full web-browser more or less?
Please note the JS engine in src:mongodb does not receive security vulnerabilities patches.
Don't you instead want a mongodb 3.4, compiled in a similar fashion as the juju-mongodb3.2 package (wihtout js), avoiding forking the current packaging of src:mongodb?
With the intention that juju-mongodb3.4 is short-lived, until the daemon moves off using in-archive version.