Bug#801002: libxmlrpc3-java: depends on obsolete libcommons-httpclient-java library

2015-10-20 Thread Markus Koschany
forwarded 801002 https://issues.apache.org/jira/browse/XMLRPC-191
tags 801002 patch
thanks

This issue was already reported upstream but the project looks pretty
dead nowadays. Two years ago someone proposed a patch to switch to
httpcomponents but it was never discussed.

Since libxmlrpc3-java seems to be unmaintained upstream, I see basically
two options:

1) Test if the proposed patch works and can be applied for the Debian
   package. Switch to httpcomponents.

2) Remove libxmlrpc3-java from Debian because it is unmaintained

I think the latter might be doable because only four packages
build-depend on libxmlrpc3-java.

Markus



signature.asc
Description: OpenPGP digital signature
__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Bug#801002: libxmlrpc3-java: depends on obsolete libcommons-httpclient-java library

2015-10-05 Thread apo
Package: libxmlrpc3-java
Severity: normal
User: pkg-java-maintainers@lists.alioth.debian.org
Usertags: oldlibs libcommons-httpclient-java

Hi,

libxmlrpc3-java depends on libcommons-httpclient-java, which is obsolete and was
replaced by libhttpclient-java. It has reached EOL status in 2011! It is no
longer supported upstream [1] and was affected by multiple security issues in
the recent past. libxmlrpc3-java should be ported to the new libhttpclient-java
version, so that we can remove the old, unmaintained one. Please forward this
issue upstream, if you can't migrate the package yourself.

We would like to see libcommons-httpclient-java removed during the Stretch
release cycle but due to the large number of reverse-dependencies the outcome
depends more than ever on your help.

Please help us to accomplish this goal. We will bump this issue to important
when the list of rdeps is getting smaller and we think that the removal is
possible. We will eventually raise the severity to serious when the number
of rdeps is small.

If you have any questions don't hesitate to ask and contact us on

debian-j...@list.debian.org

Regards,

Markus

[1] https://hc.apache.org/httpclient-3.x/

[2] 
https://security-tracker.debian.org/tracker/source-package/commons-httpclient

__
This is the maintainer address of Debian's Java team
. 
Please use
debian-j...@lists.debian.org for discussions and questions.