Re: Bug#675495: downgrading the severity of #675495 (openjdk-6 in wheezy)

[Julien Cristau <jcristau@debian.org>]

On Tue, Aug 28, 2012 at 17:43:57 +0200, Moritz Muehlenhoff wrote:

> OpenJDK Security support has always been a nightmare for the security
> team because there was no support from the maintainers. Security support 
> s primarily the responsibility of the maintainer.
> 
> If you dump two packages in the archive without taking any precautions
> to get a clean solution this only makes things worse. In any case we
> cannot hide the issue under the carpet. We have three options: 
> 
> - Drop openjdk6 from Wheezy (and proceed with the needed changes to allow
>   that)
> - The Java maintainers take up the responsibility and step up to support
>   openjdk6 in stable- and oldstable-security for Wheezy
> - A note is being added to the release notes that openjdk6 is unmaintained
>   security-wise in Wheezy and should not generally be used
> 
Dumping this issue to the release notes doesn't sound like a reasonable
option if there are lots of other packages still depending on it.  We
might as well drop all those packages, IMO.

Cheers,
Julien