Hi Emmanuel: On 08/29/2014 01:09 AM, Emmanuel Bourg wrote: > Le 28/08/2014 00:24, tony mancill a écrit : > >> Tomcat version for jessie: >> >> In a subsequent conversation, Miguel and I discussed targeting tomcat8 >> for jessie and removing tomcat6 and tomcat7 binary packages from the >> archive. If there are objections to this plan, please speak up. >> tomcat8 will probably end up with a couple extra binary/transitional >> packages, and thus will have go through NEW again. > > I think we have too many dependencies on tomcat6 to remove it completely > for Jessie. But we can at least change the tomcat6 source package to > build only: > - libservlet2.5-java: this package is the most commonly used as a build > dependency (about ~70 rdeps). It contains only interfaces, so there is > no security risk to keep it around. > - libtomcat6-java: I believe this one is mostly used to run unit tests > and could be kept for building packages only. We were discussing yesterday whether libservlet 3.0 was backwards compatible with 2.5, or whether tomcat8 could provide a 2.5 interface package. I take you don't think this is the right course of action. > tomcat7 will be maintained for the lifetime of Jessie and is still > widely used, I think we should keep it for Jessie and consider its > removal for Jessie+1. The intent here is to prevent having to support multiple versions of tomcat for security updates over the lifetime of jessie. I believe you had previously stated that tomcat8 was ready/stable from an upstream standpoint, and so I thought that it was the best candidate for a single tomcat version for the release. I can see the argument for having both if they serve different purposes, or if tomcat8 isn't a replacement for tomcat7. Thank you for your input, tony
Attachment:
signature.asc
Description: OpenPGP digital signature