Bug#779331: wheezy update

I think this also needs to be a security update in wheezy and jessie. What are the plans for that? signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please

Bug#779331: maven downloads and runs completely unauthed jars via HTTP

Package: maven Version: 3.0.4-3 Severity: grave Tags: security By default, maven versions before v3.2.3 downloads from Maven Central using plain HTTP and do not check any kind of signature on the code before running it. This is a very bad situation, making it quite easy for malicious actors take

Bug#814876: builds for me

I just tried to build lombok-patcher on my sid chroot, and it built fine. This whole lombok group of packages has a bunch of circular deps, could it be that liblombok-java was out of date on your machine? I think that lombok-patcher and/or maybe ivyplusplus need to have versioned Build-Depends

Bug#681726: Time to remove eclipse from Testing?

Markus Koschany: > On Wed, 15 Nov 2017 18:01:07 +0200 Adrian Bunk wrote: > [...] >> I tried to sort out what I could find as required for getting the >> ancient eclipse out of testing in [1]: >> >> 1. src:bnd >> You fixed that already. >> >> 2. batik -> maven -> guice ->