Bug#698108: java-package: diff for NMU version 0.50+nmu2
Niels Thykier
niels at thykier.net
Tue Jan 15 07:48:59 UTC 2013
On 2013-01-15 00:57, David Prévot wrote:
> tags 698108 + patch
> thanks
>
> Dear maintainer,
>
> I've prepared an NMU for java-package (versioned as 0.50+nmu2) and
> uploaded it to DELAYED/2. Please feel free to tell me if I
> should delay it longer (or even if I should dcut it to 0-day, given the
> security matter).
>
> If you prefer to fix it in another not intrusive way (not c1fb4d0), I'm
> happy to (quickly) sponsor your package too.
>
> Regards.
>
> David
>
> [...]
Seems to me your patch will prevent anyone from using java-package on
the older Java7 binaries. If we do remove this support because they are
infested with security issues making them unsuitable for anything at
all[1], I think it should have a nice little error message saying "Nope,
won't do this - That version is vulnerable/unsupported/$whatever".
Just so people are aware it is a deliberate choice from "our" side and
not a buggy script crashing. (Particularly people have been using it
with older versions before. They might be surprised to see that
non-descriptive error message the reporter included in the original mail).
~Niels
[1] Something I would find entirely plausible at this point.
More information about the pkg-java-maintainers
mailing list