Kaffe marked remove (was Release-critical Bugreport for May 9, 2003)
On Fri, 9 May 2003, BugScan reporter wrote:
> Bug stamp-out list for May 9 06:09 (CST)
>
> Total number of release-critical bugs: 785
> Number that will disappear after removing packages marked [REMOVE]: 18
[...]
> Package: kaffe (debian/main)
> Maintainer: Ean R. Schuessler <ean@brainfood.com>
> [REMOVE]
> 191866 [ S ] kaffe: Tempfile attack makes arbitrary users able to overwrite files
>
Why is this package marked remove? It's one of few potentially useful free
Java implementation in Debian. Java programs may have to move to contrib
if there's no kaffe. I can't site any examples as I don't know whether
they work with gij or the immature sablevm [1]... ie I don't have a quick
way to verify a package will only work with Kaffe (I don't have
apt-showpackage right now). Other java implementations in Debian include
Japhar, tya, gcj. According to http://bjorn.haxx.se/debian/toplist.html 6
packages are waiting for the new Kaffe to go into testing.
Note bug 191866 was reported May 4th and according to
http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=kaffe there *was* one
other RC bug that was opened Feb 24 and closed about a month later...
gij 3.3 [2] may be good enough to replace kaffe? gnu classpath, and
libgcj compatibility seems to be better than Kaffe [3], but I don't know
what that means.
I also wonder if there is a more appropriate place/person to ask why
something is marked remove.
[1] http://lists.debian.org/debian-java/2003/debian-java-200304/msg00072.html
packages also shouldn't set their build-deps this way unless they actualy
work with all.
[2] Version status info at http://packages.qa.debian.org/gcc-3.3
[3] http://rainbow.netreach.net/~sballard/japi/
Drew Daniels
Reply to: