Le 18/07/2012 19:39, Benjamin Jaton a écrit :
The packages glassfish-* shipped in all the version of Debian are
The glassfish v2 open souce code hasn't received any updates since
2010, not even critical security updates.
Only the Oracle Enterprise version is still maintained.
Even if those are not the full server stack ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964
), they may contains security flaws.
We just don't know, right?
The v3 version is very stable and actively maintained. I would
consider shipping it instead of v2.
Thanks for the information.
Do you think we should ask for a removal in Wheezy ?
Are you volunteer to package the v3 ?