Closed yuzibo closed 8 months ago
Currently, there is no way to directly switch to the original upstream version. The main reason for using the forked version is that the upstream version is not stable enough. There have been unexpected bugs caused by updates in the past. I do not want to invest too much effort in third-party libraries, especially when the current version already fully meets the requirements. Another reason is the need for certain functionalities that the original repository's author may not be willing to support.
https://github.com/fatedier/beego/pull/1 The CVE being fixed here is something we have never used before. We only use the logging library from it and will not make frequent changes due to other content.
Perhaps a better way in the future would be to look for alternative libraries or completely rewrite some of the content, but not now.
Thanks for clarifying. This is reason enough to convince them to use vendor libraries for the project. btw, please feel free to close the issue if this is not on your plan or to-do list.:)
Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.
https://github.com/fatedier/frp/pull/4009 The kcp-go package has been switched to the original upstream repository.
4009 The kcp-go package has been switched to the original upstream repository.
Oh, many thanks. This is really to reduce package work to Debian.
Describe the feature request
Hi, I am packaging the frp into Debian. But there are many packages which were not met. So may I ask here, could we try to switch fatedier/beego and fatedier/kcp-go to beego/beego&xtaci/kcp-go. Debian sponsor refers to package the origin upstream than the vendor package. But I am not sure this will reduce your maintainance burden also, like https://github.com/fatedier/beego/pull/1
Describe alternatives you've considered
No response
Affected area