On Wed, 18 Oct 2017 13:29:19 +0200 Emmanuel Bourg <ebo...@apache.org> wrote:
> Upstream has moved to GitHub [1] and the last update was released in
> 2014 but the security issue is still not fixed [2].
> This was a dependency of Jenkins which is now gone. There is a slim
> chance that this package could be useful again in the future since it's
> a dependency of some Apache projects (Zeppelin, Atlas, Ranger and Knox).
> Emmanuel Bourg
> [1] https://github.com/kohsuke
> [2] https://github.com/kohsuke/libpam4j/issues/18

Apparently Red Hat patched their libpam4j package but they didn't
forward the patch upstream.


Actually I agree with Raphael. The software is unmaintained upstream and
unused in Debian. It's rather scary that other projects depend on it,
especially when it comes to security sensitive matters like PAM. In the
end it can always be reintroduced if someone really intends to maintain it.

Attachment: signature.asc
Description: OpenPGP digital signature

This is the maintainer address of Debian's Java team
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to