On 24.03.2015 12:30, Emmanuel Bourg wrote:
> I don't think this is a good idea. commons-httpclient is a very popular
> library, even in its older incarnation. Removing it could make it harder
> to bring new libraries or applications to Debian.


well, this contradicts what Debian already recommends to users. The
package description of libhttpclient-java states:

"HttpComponents Client is a successor of and replacement for Commons
HttpClient 3.x. Users of Commons HttpClient are strongly encouraged to

It will be much harder in the future to fix security issues when there
is no upstream support and apparently commons-httpclient won't be
developed anymore in favor of libhttpclient-java and Co. The
dependencies should be changed whenever possible to the new and
maintained implementation because this is what we do for all libraries
and applications across the distribution. There will be cases where it
is not as simple but at least we should try to reduce the security risk
and maintenance burden.



Attachment: signature.asc
Description: OpenPGP digital signature

This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to