On Tue, Aug 25, 2015 at 11:52:47PM +0200, Markus Koschany wrote: > > I suggest to ask the release team for an exception and to provide the > security fix via testing-proposed-updates. The CVE-fix appears to be > straightforward and could be uploaded afterwards to stable-proposed-updates.
Thanks for the suggestion. I'll ask for authorization to release team to go this with this approach. > > We shouldn't invest too much time in groovy 1.x anymore. I think the > time is better spent on trying to switch all r-deps from groovy 1.x to > 2.x as soon as possible and getting rid of this package. I absolutely agree with you on this. All the time that I want to spend working on groovy 1.x is to migrate r-deps to 2.x. -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key. "Faith means not wanting to know what is true." -- Nietzsche
Description: Digital signature
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.