[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#675495: downgrading the severity of #675495 (openjdk-6 in wheezy)

On Tue, Aug 28, 2012 at 17:43:57 +0200, Moritz Muehlenhoff wrote:

> OpenJDK Security support has always been a nightmare for the security
> team because there was no support from the maintainers. Security support 
> s primarily the responsibility of the maintainer.
> If you dump two packages in the archive without taking any precautions
> to get a clean solution this only makes things worse. In any case we
> cannot hide the issue under the carpet. We have three options: 
> - Drop openjdk6 from Wheezy (and proceed with the needed changes to allow
>   that)
> - The Java maintainers take up the responsibility and step up to support
>   openjdk6 in stable- and oldstable-security for Wheezy
> - A note is being added to the release notes that openjdk6 is unmaintained
>   security-wise in Wheezy and should not generally be used
Dumping this issue to the release notes doesn't sound like a reasonable
option if there are lots of other packages still depending on it.  We
might as well drop all those packages, IMO.


Reply to: