On Wed, Sep 17, 2014 at 01:50:36PM +0200, Emmanuel Bourg wrote: > Le 17/09/2014 12:57, Moritz Muehlenhoff a écrit : > > > That's not how we handle in Debian: If a library is shipped in Debian, > > it is fully supported to be used by local libs. > > > > Anything in /usr/local or installed through Maven is of course the > > responsibility > > of the user. > > > > So we should go ahead with the removal of struts 1.2 by filing RC bugs > > against > > the packages using it. > > Well that's sad because this is really a waste of time and our resources > are desperately limited :( libstruts1.2-java is not a security threat as > used by the other Debian libraries and applications, and upstream even > provided a patch for CVE-2014-0114  despite the EOL. I'd rather > spend this time on other important issues.
Would it help if I upload NMUs for libspring-java and easyconf? Cheers, Moritz __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.