[SOLVED] Necessary to update to node v0.10.41?

Hi, after those security related issues and fixes on nodejs and openssl, I ask myself how important that update should be done.

See the issue at: https://github.com/meteor/meteor/issues/5754

In case that there is no official patch it might be not that critical?

I am asking in case to prepare new builds for the ARM and BSD forks to support 0.10.41.

Your comments about that are welcome.


@sashko kinda touched upon the criticality vis-a-vis Meteor deployments in a comment on the github issue.

Looks like they’ve already updated the code so it’s probably ready to merge in your forks.

Btw these forks are a great initiative! Hope to play with the ARM one soon.

Yeah, I already read the GitHub ticket comments.

Thanks and have fun with ARM :wink:

I know moving to node 4x (w/ LTS) will be a much greater change, but seeing as it seems like it’s already the consensus that meteor should (eventually) upgrade to the 4x, it seems silly to me that MDG/community is spending time doing these slight incremental updates instead of doing one big, albeit breaking change. I’ve already had to refactor my codebase twice (es6, and now modules), I’d prefer not to have to do so again unnecessarily.

According to sashko’s aforementioned comment, there shouldn’t be any (major) breaking changes with this little update, yet this still doesn’t sit right with me. I understand why this—relatively—minor update is being pushed right now instead of one with the shiney new node… Moreover, I mean, this is the logical step given the MDG’s reluctance to push more breaking changes, but still seems a little backasswards to me.

TL;DR — *grumble* *grumble* outdated *grumble*

PS: I that a few weeks/months ago the argument against transitioning to 4x was due to fibers not working, and upon checking back in on that, it appears that is still the case, to some degree. So, I know it’s not realistic to make such an update now, but ugh. idk. just expressing my sentiment here

1 Like

Hi @rozzzly - it’s funny or a pity (you may decide) but I am also investing time in the near packages / requirements world like fibers. You may have a look at latest discussions on (https://github.com/laverdet/node-fibers/issues/248#issuecomment-160887963) where a number of devs had currently tried to get fibers on 4.0. I am pretty sure that these related projects will be ready in the next near future but it will take its time until (we) get all updated for meteor as well.

IMHO it is a good decision from MDG/@sashko not to break thinks.

I concur. Don’t get me wrong; it’s definitely the right choice, but not the one that makes me happiest