Le 21/04/2012 14:12, D.Morgan a écrit :
On Sat, Apr 21, 2012 at 2:03 PM, Guillaume Rousse
<[email protected]> wrote:
Le 21/04/2012 13:44, D.Morgan a écrit :
Thanks for taking care of the tomcats too. tomcat5 just needs patched
for the
last two CVEs, and it'll be good to go.
yes as told i will do :) tomcat5 is the first on my todo ;)
Do we really need to have 3 different tomcat versions in the distribution
(5, 6 and 7) given the relatively high maintainance cost ? I'd rather drop
tomcat 5 than continue to have it on the list of blocker bugs before every
release.
this is planned for mga3 when we will have ported all packages needing
tomcat5 to use a newer version.
I'd rather first have the same interrogation for those packages before
investing any manpower in porting them: do we really need all of them in
the distribution ?
For instance, struts12 is a deprecated version of struts, dating from
2005, whereas current major version is 2.3. tiles20 is a deprecated
version of tiles, whose current version is 2.2.2. Etc...
I would have nothing againt those gazillion packages being present in
the distribution if their had no side-effect for the rest of the world
not using them. However, they do, when they involves release-blockers
bugs. And given you're almost the only guy working on the java stack,
I'd personnaly prefer to have you working on real issues affecting end
users (for instance #2516 and #2517) than fixing security issues for
softwares very unlikely to be used at all...
My point is that we could achieve better results with more focused
objectives in this regard.
--
BOFH excuse #103:
operators on strike due to broken coffee machine
