Le 11/02/2014 21:22, Bastian Blank a écrit :
> Have you talked to the security team about this? Where does Debian ship
> different versions of asm?
Debian has four versions of asm. Each version is incompatible with the
previous one, and they share the same namespace (org.objectweb.asm.*).
That means two versions can't coexist safely in the same classpath, this
is guaranteed to break at runtime. That's why widely used libraries like
cglib relocate the asm classes under a different namespace to avoid
I'm not sure to see why the security team would care about this though.
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.