Comment 3 for bug 1756432

Do we need to continue shipping juju-mongo-tools3.2 in bionic?

Do we need to continue shipping juju-mongodb3.2 in bionic?

Are you aware that juju-mongodb3.2, has JS engine turned off, and is thus more secure than the monogdb source, which has JS engine compiled in - and thus has all the security vulnerabilities of a full web-browser more or less?

Please note the JS engine in src:mongodb does not receive security vulnerabilities patches.

Don't you instead want a mongodb 3.4, compiled in a similar fashion as the juju-mongodb3.2 package (wihtout js), avoiding forking the current packaging of src:mongodb?

With the intention that juju-mongodb3.4 is short-lived, until the daemon moves off using in-archive version.