Bug#970346: undertow: should not be part of Debian 11

Markus Koschany apo at debian.org
Mon Sep 14 23:07:15 BST 2020


Source: undertow
Severity: normal
Tags: security
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>

I believe we should remove undertow from testing again for the same
reasons as last time. Although the package is up-to-date no other
package in Debian (except syncany in experimental) is currently using
it. Undertow would be an essential requirement if someone wanted to
introduce the Wildfly application server to Debian.

https://bugs.debian.org/752018

There was apparently some interest in the past but no progress has
been made so far. Since we already have two excellent alternatives in
Debian, tomcat and jetty, maintaining yet another Java web server in
Debian stable releases (without any reverse-dependencies) does not seem to be
a good way to use our resources.

I still intend to maintain undertow in unstable, perhaps someday there will
be a contributor who wants to complete the work and maintain undertow
in stable. Compared to tomcat and jetty, I also find the information
policy of security vulnerabilites disappointing which makes
maintaining undertow in stable releases unnecessarily difficult.

Markus



More information about the pkg-java-maintainers mailing list