[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: debian java BoF - 2014/08/25

Hi Emmanuel:

On 08/29/2014 01:09 AM, Emmanuel Bourg wrote:
> Le 28/08/2014 00:24, tony mancill a écrit :
>> Tomcat version for jessie:
>> In a subsequent conversation, Miguel and I discussed targeting tomcat8
>> for jessie and removing tomcat6 and tomcat7 binary packages from the
>> archive.  If there are objections to this plan, please speak up.
>> tomcat8 will probably end up with a couple extra binary/transitional
>> packages, and thus will have go through NEW again.
> I think we have too many dependencies on tomcat6 to remove it completely
> for Jessie. But we can at least change the tomcat6 source package to
> build only:
> - libservlet2.5-java: this package is the most commonly used as a build
> dependency (about ~70 rdeps). It contains only interfaces, so there is
> no security risk to keep it around.
> - libtomcat6-java: I believe this one is mostly used to run unit tests
> and could be kept for building packages only.

We were discussing yesterday whether libservlet 3.0 was backwards
compatible with 2.5, or whether tomcat8 could provide a 2.5 interface
package.  I take you don't think this is the right course of action.

> tomcat7 will be maintained for the lifetime of Jessie and is still
> widely used, I think we should keep it for Jessie and consider its
> removal for Jessie+1.

The intent here is to prevent having to support multiple versions of
tomcat for security updates over the lifetime of jessie.  I believe you
had previously stated that tomcat8 was ready/stable from an upstream
standpoint, and so I thought that it was the best candidate for a single
tomcat version for the release.  I can see the argument for having both
if they serve different purposes, or if tomcat8 isn't a replacement for

Thank you for your input,

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: