>From there I don't know, I feel like it should be removed for safety but other packages rely on them. Unfortunately I won't be a volunteer to package the v3.
Ben On Wed, Jul 18, 2012 at 3:14 PM, Sylvestre Ledru <[email protected]>wrote: > Le 18/07/2012 19:39, Benjamin Jaton a écrit : > > Hello, > > The packages glassfish-* shipped in all the version of Debian are version > 2.1.1. > The glassfish v2 open souce code hasn't received any updates since 2010, > not even critical security updates. > ( https://svn.java.net/svn/glassfish~svn/trunk/v2/ ) > Only the Oracle Enterprise version is still maintained. > Even if those are not the full server stack ( > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964 ), they may > contains security flaws. > We just don't know, right? > > The v3 version is very stable and actively maintained. I would consider > shipping it instead of v2. > > > Thanks for the information. > Do you think we should ask for a removal in Wheezy ? > Are you volunteer to package the v3 ? > > ThanksS >
