This bug is part of the non-responsive maintainer procedure for vakwetu, following https://docs.fedoraproject.org/en-US/fesco/Policy_for_nonresponsive_package_maintainers/. Please respond if you are still active in Fedora and want to maintain resteasy.
As a member of the Dogtag team, I'm responding on behalf of @vakwetu. We will be taking over this package and will be responsible to fix the CVEs. Please do not retire resteasy.
Nobody's retiring anything. What is your time frame? Some of the security bugs are 3 years old. Could you please assing the package to somebody who will be actually working on it?
> Could you please assing the package to somebody who will be actually working on it? Taking that back, I see now that the package is assigned to you.
Miro, I'll be updating resteasy next month in F29-rawhide. I'm not sure what version we'll rebase to, we'll have to see what Dogtag works with. We can go at least to 3.0.26, which to my knowledge fixes all CVEs that I'm aware of. Should I take the assignee of this bug too, or just the FTBFS+CVE bugs?
Whatever works for you the best.
Greetings everyone! we have rebased resteasy to 3.0.26. We have placed the updates on bodhi too. F30: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6cb9165980 F31: https://bodhi.fedoraproject.org/updates/FEDORA-2019-636c9ead78 F32/rawhide: https://bodhi.fedoraproject.org/updates/FEDORA-2019-9cf340d96e So, closing this bug as CURRENTRELEASE. Feel free to modify the fields if necessary :)