Am 05.10.2015 um 22:35 schrieb Neil Bartlett:
[...]

> There is no contradiction… where did I claim that it only supports 2.5?

You wrote:

> We cannot simply update to 3.1 since that could break any consumers using 2.5 
> — also the package would not comply with the published specification.

I read the last part of this sentence as that the "package" was
src:osgi-compendium from Debian but it seems I have misunderstood you. I
would like to know more about your specific use case and in which
context you use Debian's osgi-compendium package in order to better
understand your concerns.


> The specification supports users who depend on servlet 2.5 or above. That 
> means the specification JAR compiles against the lowest version that it 
> supports, i.e. 2.5.

This is correct. Like I said servlet 2.5 is the minimum requirement for
OSGi 5. However Debian's osgi-compendium package would also comply with
the specification if it was compiled against a later version, e.g 3.1.

[...]
> The source code for OSGi Compendium contains the type 
> org.osgi.service.http.HttpService, which depends on types from the 
> javax.servlet package. If the osgi-compendium package in Debian builds from 
> Java sources then it certainly needs javax.servlet to be present on the 
> compiler’s classpath, and therefore the dependency cannot be removed. On the 
> other hand if it repackages pre-built JARs from elsewhere then I would agree 
> that javax.servlet does not need to be present as a dependency.

I have checked the source package again and this was a mistake on my
side. The servlet dependency is needed. If I remove the build-dependency
on libservlet2.5-java it compiles successfully but only because another
implicit build-dependency depends on libservlet2.5-java too.


>> Can you provide an example what package in Debian would be negatively
>> affected if we started to build-depend/depend on libservlet3.1-java?
> 
> No I am not able to answer this.

I need more information how this upgrade to libservlet3.1-java affects
your setup and under which circumstances it would break your
"consumers", otherwise I can't help you. Also libservlet2.5-java won't
probably go away in Stretch, so you can still install this package if
you like.

Markus

Attachment: signature.asc
Description: OpenPGP digital signature

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to