-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Recently, I tried to remove openjdk-[6-8] from a number of machines because of the large number of open security issues with openjdk (currently there are 23, 21 and 20 open security issues on openjdk-6, openjdk-7, and openjdk-8, resp.). I learned that due to some package dependencies, octave gets removed too. That's not desired. Octave should not have a strong dependency on openjdk. Any of the following solutions would do: 1) the dependency should be changed to "recommended", and/or 2) it should allow for some alternative java engine (e.g. gcj or whatever). (see also [4] ), 3) keeping the java dependency in a octave package "octave-java" as it was before 3.8.x Alois [1] https://security-tracker.debian.org/tracker/source-package/openjdk-6 [2] https://security-tracker.debian.org/tracker/source-package/openjdk-7 [3] https://security-tracker.debian.org/tracker/source-package/openjdk-8 [4] https://lists.alioth.debian.org/pipermail/pkg-octave-devel/2013-December /010469.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVphMhAAoJEBdbD2J3nb+MIMsH/2oevdIY3lJsIrLpna49mKcj zQo1Mc3zunsEZWLG8R+FyezLUrhnS0zeAIsjVSFbk3UznqaBuAgic+PjOE5uJDoU DvkC8pi81VDIHvycIsNiHhaKXdxtmTZIVf24b3lIWB+N/18STqP9SzjByu4klLXR pwG2Uq32cbbyWPm/xwSnQMew/5dWd8tEdsDaGGn1yD2pneiv2g4DbVSiVtGgEoBA b7b66vLVwFH9jHXbzxRhaLU3Gbntk8KX2/F2YHjtGGjaM/GUQ7aEC1R0UTSfXfnM /fpNkWhFmZW+CPFN2gmo7sU0xJqSTkU0tDLTE9FlO2KEuIAQjarFITVb0Fl7+mQ= =ApCl -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
