Bug#799007: bouncycastle: please package a newer version or upload 1.51-1 to unstable

Markus Koschany apo at gambaru.de
Wed Dec 2 23:53:01 UTC 2015


I have patches for libitext-java and libitext5-java. There are only two
remaining packages now:

voms-api-java
jenkins-instance-identity


The tests in voms-api-java fail and according to

https://github.com/italiangrid/voms-api-java/issues/17

a new version was planned for September which would have been based on
bouncycastle 1.52. Unfortunately it hasn't been released yet. The Debian
maintainer for voms-api-java also maintains the package in Fedora and I
wonder why it works for Fedora but not for Debian. Both use the same
patches and the same upstream version and Fedora even uses Bouncycastle
1.52.

http://pkgs.fedoraproject.org/cgit/voms-api-java.git/

I think the upload of BC 1.51 is still more important due to the
security vulnerability and we should file severity serious bugs for both
packages. If there are no objections, I will take care of the
bouncycastle upload this weekend and upload the fixed packages as well.

Markus

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20151203/bae9f4d1/attachment-0001.sig>


More information about the pkg-java-maintainers mailing list