Bug#1056552: sop-java: 4.1.2 is available upstream
Jérôme Charaoui
jerome at riseup.net
Sat Dec 2 19:24:46 GMT 2023
On Wed, 22 Nov 2023 17:24:06 -0500 Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> Package: src:sop-java
> Version: 4.1.0
> Control: affects -1 + pgpainless-cli
>
> Hi folks--
>
> sop-java 4.1.2 is available upstream, and should be a relatively
> straightforward update in Debian.
>
> As are several substantially newer versions, but the newer ones look
> like they might be semver incompatible, so for the purposes of keeping
> the 1.3.* series of pgpainless-cli in debian they are probably not
> advisable to upgrade until the newer version of bouncycastle lands in
> unstable, see #1049356.
The 1.3.* series of pgpainless doesn't build with bouncycastle-1.77,
which has been uploaded in Debian recently, so I think we don't have
much choice but to bring both sop-java and pgpainless to the latest
versions.
However, sop-java upstream have ported their code to Kotlin, and I'm not
sure whether its feasible to keep it in Debian anymore since Kotlin,
although in Debian currently, is quite new and has two unfixed CVEs
against it.
I also couldn't find any other Kotlin projects in Debian which
build-depend on Kotlin (aside from Kotlin itself and some related plugins).
What do you think?
-- Jérôme
More information about the pkg-java-maintainers
mailing list