On 17/09/2014 12:57, Moritz Muehlenhoff wrote:
> That's not how we handle in Debian: If a library is shipped in Debian,
> it is fully supported to be used by local libs.
>
> Anything in /usr/local or installed through Maven is of course the
> responsibility of the user.
>
> So we should go ahead with the removal of struts 1.2 by filing RC bugs against
> the packages using it.

Well that's sad because this is really a waste of time and our resources are desperately limited :(

libstruts1.2-java is not a security threat as used by the other Debian libraries and applications, and upstream even provided a patch for CVE-2014-0114 [1][2] despite the EOL. I'd rather spend this time on other important issues.

Emmanuel Bourg

[1] https://svn.apache.org/r1603882
[2] https://svn.apache.org/r1603883

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use [email protected] for discussions and questions.

