Hey. Although there may not be security issues within this package
itself, and while the descriptions of severity [1] may not perfectly
cover this unfortunate scenario, an update to this package (and others)
is urgently needed in order for Sid users to be able to install
critical security patches (since rolling back the gcc5 transition
temporarily I imagine isn't going to happen); and since this bug report
is all about fixing this dependency breakage issue, I feel that it is
perfectly appropriate to raise the severity as I have in order to help
ensure that the maintainers take proper note of the urgency for which
resolution of this issue is needed. Frankly I don't give a damn if the
maintainer disagrees with the severity, they can ignore or change it,
and at least it may have helped grab their attention. I think it's
perfectly worth risking making them a little annoyed over a possibly
inappropriately set severity level if it helps to make them aware of
the security issues going on here.

Regards :)

[1] https://www.debian.org/Bugs/Developers#severities

On Sat, 2015-08-08 at 02:47 +0200, Christoph Anton Mitterer wrote:
> Hey.
> I appreciate that you try to push in that matter,... but strictly
> speaking, there is no security issue in this package, and also the
> severity wouldn't be justified.
> Some maintainers may not be too happy about that...
> Cheers,
> Chris.

This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to