Am 05.10.2015 um 22:35 schrieb Neil Bartlett: [...] > There is no contradiction… where did I claim that it only supports 2.5?
You wrote: > We cannot simply update to 3.1 since that could break any consumers using 2.5 > — also the package would not comply with the published specification. I read the last part of this sentence as that the "package" was src:osgi-compendium from Debian but it seems I have misunderstood you. I would like to know more about your specific use case and in which context you use Debian's osgi-compendium package in order to better understand your concerns. > The specification supports users who depend on servlet 2.5 or above. That > means the specification JAR compiles against the lowest version that it > supports, i.e. 2.5. This is correct. Like I said servlet 2.5 is the minimum requirement for OSGi 5. However Debian's osgi-compendium package would also comply with the specification if it was compiled against a later version, e.g 3.1. [...] > The source code for OSGi Compendium contains the type > org.osgi.service.http.HttpService, which depends on types from the > javax.servlet package. If the osgi-compendium package in Debian builds from > Java sources then it certainly needs javax.servlet to be present on the > compiler’s classpath, and therefore the dependency cannot be removed. On the > other hand if it repackages pre-built JARs from elsewhere then I would agree > that javax.servlet does not need to be present as a dependency. I have checked the source package again and this was a mistake on my side. The servlet dependency is needed. If I remove the build-dependency on libservlet2.5-java it compiles successfully but only because another implicit build-dependency depends on libservlet2.5-java too. >> Can you provide an example what package in Debian would be negatively >> affected if we started to build-depend/depend on libservlet3.1-java? > > No I am not able to answer this. I need more information how this upgrade to libservlet3.1-java affects your setup and under which circumstances it would break your "consumers", otherwise I can't help you. Also libservlet2.5-java won't probably go away in Stretch, so you can still install this package if you like. Markus
Description: OpenPGP digital signature
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.