Le 11/02/2014 21:22, Bastian Blank a écrit : > Have you talked to the security team about this? Where does Debian ship > different versions of asm?
Debian has four versions of asm. Each version is incompatible with the previous one, and they share the same namespace (org.objectweb.asm.*). That means two versions can't coexist safely in the same classpath, this is guaranteed to break at runtime. That's why widely used libraries like cglib relocate the asm classes under a different namespace to avoid conflicts (net.sf.cglib.asm.*). I'm not sure to see why the security team would care about this though. Emmanuel Bourg __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.
