Bug#758516: Struts 1.2 should not be shipped with jessie
Moritz Muehlenhoff
jmm at inutil.org
Wed Sep 17 10:57:35 UTC 2014
On Tue, Sep 16, 2014 at 12:12:03AM +0200, Emmanuel Bourg wrote:
> Le 15/09/2014 23:56, Moritz Mühlenhoff a écrit :
>
> > Then it should be easy to remove?
>
> Actually it's easier to keep it, since a removal induces more work to
> update the reverse dependencies.
>
>
> > Well, but if we keep old, unsupported libs around, people might be exposed
> > by running code not shipped in Debian, but using these libraries.
>
> Sure but we are not responsible for such things. This library can be
> downloaded from other places like Maven Central, removing it won't
> change anything.
That's not how we handle in Debian: If a library is shipped in Debian,
it is fully supported to be used by local libs.
Anything in /usr/local or installed through Maven is of course the responsibility
of the user.
So we should go ahead with the removal of struts 1.2 by filing RC bugs against
the packages using it.
Cheers,
Moritz
More information about the pkg-java-maintainers
mailing list