On Tue, Aug 25, 2015 at 11:52:47PM +0200, Markus Koschany wrote:
> I suggest to ask the release team for an exception and to provide the
> security fix via testing-proposed-updates. The CVE-fix appears to be
> straightforward and could be uploaded afterwards to stable-proposed-updates.

Thanks for the suggestion. I'll ask for authorization to release team
to go this with this approach.

> We shouldn't invest too much time in groovy 1.x anymore. I think the
> time is better spent on trying to switch all r-deps from groovy 1.x to
> 2.x as soon as possible and getting rid of this package.

I absolutely agree with you on this. All the time that I want to
spend working on groovy 1.x is to migrate r-deps to 2.x.

Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
"Faith means not wanting to know what is true." -- Nietzsche

Attachment: signature.asc
Description: Digital signature

This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to