Bug#263201: tomcat4 should be upgraded to 4.1.x in sarge
Stefan Gybas
Stefan Gybas <sgybas@debian.org>, 263201@bugs.debian.org
Tue Aug 3 09:46:07 2004
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig134D592162CEC9AAAEA391E5
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Jerome Lacoste wrote:
> tomcat 4.0.4 is more than 2 years old. We cannot ship sarge with such an old and important application.
I fully agree with this.
> The release problem may be related to log4j release critical issue. See issue #221236
Yes, but the main problem is that the FTP maintainance scripts don't
ignore unresolvable dependencies for packages in contrib. tomcat4 and
libstruts1.1-java don't move to sarge because they depend on
java2-runtime which can't be fulfilled with packages in sarge. I have
already filed a bug report (#206034) because of this about a year ago.
> There may also be security issues with old tomcat.
> E.g. thhp://www.securityfocus.com/archive/1/292936/
I know. :-(
But your bug report will not help resolve the situation. And it's not a
bug in the tomcat4 package so you should better file it agianst
ftp.debian.org.
Stefan
--------------enig134D592162CEC9AAAEA391E5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFBD2rzCdoSgNrrJGsRAl+eAJ9+yEh6avoFb1iSXkAFILdu0G3PiQCggpeN
KlDthDBnSupbcrwKYYkbV/Y=
=q07T
-----END PGP SIGNATURE-----
--------------enig134D592162CEC9AAAEA391E5--