Source: undertow Severity: normal Tags: security X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
I believe we should remove undertow from testing again for the same reasons as last time. Although the package is up-to-date no other package in Debian (except syncany in experimental) is currently using it. Undertow would be an essential requirement if someone wanted to introduce the Wildfly application server to Debian. https://bugs.debian.org/752018 There was apparently some interest in the past but no progress has been made so far. Since we already have two excellent alternatives in Debian, tomcat and jetty, maintaining yet another Java web server in Debian stable releases (without any reverse-dependencies) does not seem to be a good way to use our resources. I still intend to maintain undertow in unstable, perhaps someday there will be a contributor who wants to complete the work and maintain undertow in stable. Compared to tomcat and jetty, I also find the information policy of security vulnerabilites disappointing which makes maintaining undertow in stable releases unnecessarily difficult. Markus