On 01/14/2013 11:48 PM, Niels Thykier wrote:
> On 2013-01-15 00:57, David Prévot wrote:
>> tags 698108 + patch
>> thanks
>>
>> Dear maintainer,
>>
>> I've prepared an NMU for java-package (versioned as 0.50+nmu2) and
>> uploaded it to DELAYED/2. Please feel free to tell me if I
>> should delay it longer (or even if I should dcut it to 0-day, given the
>> security matter).
>>
>> If you prefer to fix it in another not intrusive way (not c1fb4d0), I'm
>> happy to (quickly) sponsor your package too.
>>
>> Regards.
>>
>> David
>>
>> [...]
>
> Seems to me your patch will prevent anyone from using java-package on
> the older Java7 binaries. If we do remove this support because they are
> infested with security issues making them unsuitable for anything at
> all, I think it should have a nice little error message saying "Nope,
> won't do this - That version is vulnerable/unsupported/$whatever".
> Just so people are aware it is a deliberate choice from "our" side and
> not a buggy script crashing. (Particularly people have been using it
> with older versions before. They might be surprised to see that
> non-descriptive error message the reporter included in the original mail).

I had the same thought - there may be a valid reason for someone to want
to run jdk-7u9. This issue already appears to be addressed in the 0.51
package (but with a different patch). I'm assuming we want to keep the
patch minimal - can we use these patterns instead?

    jdk-7u+([0-9])-linux-i586.tar.gz
    jdk-7u+([0-9])-linux-x64.tar.gz

David, if you'd prefer not to upload again, could you remove the upload
and I'll prepare the update. (But thank you for taking the initiative
in the first place!)

Thank you,
tony

This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
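
The two patterns proposed in the reply above use bash extended-glob syntax, where `+([0-9])` means one or more digits. The following is an added example, not part of the original thread and not java-package's own code: a portable sh check with the same matching semantics that also prints the kind of descriptive refusal asked for in the quoted message. The function name `classify_jdk7_tarball` and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: portable equivalent of the extglob patterns
#   jdk-7u+([0-9])-linux-i586.tar.gz  and  jdk-7u+([0-9])-linux-x64.tar.gz
# classify_jdk7_tarball is a hypothetical helper, not java-package code.

classify_jdk7_tarball() {
    cj_name=${1##*/}                      # match on the file name only
    case "$cj_name" in
        jdk-7u*-linux-i586.tar.gz) cj_arch=i586 ;;
        jdk-7u*-linux-x64.tar.gz)  cj_arch=x64 ;;
        *)
            echo "refusing '$cj_name': not a recognised JDK 7 update tarball" >&2
            return 1 ;;
    esac
    # Isolate the part that +([0-9]) would have to match.
    cj_update=${cj_name#jdk-7u}
    cj_update=${cj_update%-linux-"$cj_arch".tar.gz}
    case "$cj_update" in
        ''|*[!0-9]*)
            # Empty or containing a non-digit: say why instead of failing obscurely.
            echo "refusing '$cj_name': update number '$cj_update' is not one or more digits" >&2
            return 1 ;;
    esac
    echo "7u$cj_update $cj_arch"
}

# Constructed sample names: two that the patterns accept, three that they reject.
for f in jdk-7u9-linux-x64.tar.gz jdk-7u11-linux-i586.tar.gz \
         jdk-7u-linux-x64.tar.gz jdk-7u9b-linux-x64.tar.gz jdk-6u38-linux-x64.bin; do
    if out=$(classify_jdk7_tarball "$f"); then
        echo "accept $f -> $out"
    else
        echo "reject $f"
    fi
done
```

In bash itself the patterns can be used directly in a `case` statement once `shopt -s extglob` is in effect before the patterns are parsed.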