Le 09/12/2017 à 23:29, Moritz Mühlenhoff a écrit :

> I'd say let's kick it out, then. We have a build dependency (and run time
> dependencies) on libspring-java, can we axe it out there?

jasperreports is just a build dependency of some unused parts of
libspring-java. No application in Debian needs it at run time. So these
vulnerabilities can be safely ignored in the stable releases.

Emmanuel Bourg

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to