Hi, I think we should file bug reports and start replacing libcommons-httpclient-java with libhttpclient-java. Reasoning: commons-httpclient is obsolete and has been EOL since 2011. It is no longer supported and was/is affected by multiple security issues. [1] I suggest to file bug reports with severity "Important" and to raise the severity to serious when the list of rdeps is small. The goal is to remove libcommons-httpclient-java during the Stretch release cycle. Most of the 34 reverse-dependencies [2] are maintained by us. Complete dd-list is attached. There are more packages which should be removed (libservlet2.5-java comes to mind). More ideas? My proposed bug report template: Tags: sid stretch User: pkg-java-maintainers@lists.alioth.debian.org Usertags: oldlibs commons-httpclient Hi, #PACKAGE# depends on libcommons-httpclient-java, which is obsolete and has reached EOL status since 2011. It is no longer supported upstream and was affected by multiple security issues in the recent past. #PACKAGE# should be ported to the new libhttpclient-java version, so that we can remove the old, unmaintained one. Please try to do this before the Stretch release as we are going to try to remove libcommons-httpclient-java this cycle. We will bump this issue to serious when the list of rdeps is small and we are getting ready to remove libcommons-httpclient-java completely. If you have any questions don't hesitate to ask. On behalf of the Debian Java Maintainers Markus [1] https://bugs.debian.org/781063 [2] not-yet-commons-ssl ivy ant-contrib netbeans wsdl2c activemq commons-vfs libspring-java jenkins-json libxmlrpc3-java jftp wagon jajuk spring-build wagon2 libexml-java jenkins axis jackrabbit eclipse mule maven-docck-plugin biomaj triplea openid4java lucene-solr libjboss-common-java jets3t jenkins-htmlunit libreoffice libowasp-antisamy-java jakarta-jmeter jabsorb jspwiki
Adnan Hodzic <adnan@foolcontrol.org> eclipse (U) jspwiki (U) Andres Mejia <amejia@debian.org> eclipse (U) Andrew Ross <ubuntu@rossfamily.co.uk> netbeans (U) Brian Thomason <brian.thomason@eucalyptus.com> mule (U) wsdl2c (U) Charles Plessy <plessy@debian.org> mule (U) Chris Grzegorczyk <grze@eucalyptus.com> mule (U) Chris Halls <halls@debian.org> libreoffice (U) Damien Raude-Morvan <drazzib@debian.org> activemq (U) axis (U) commons-vfs (U) jackrabbit (U) jajuk (U) libspring-java (U) libxmlrpc3-java (U) spring-build wagon2 (U) Debian Eucalyptus Maintainers <pkg-eucalyptus-maintainers@lists.alioth.debian.org> mule wsdl2c Debian Java maintainers <pkg-java-maintainers@lists.alioth.debian.org> jftp Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> activemq ant-contrib axis commons-vfs ivy jabsorb jackrabbit jajuk jakarta-jmeter jenkins jenkins-htmlunit jenkins-json jets3t jspwiki libexml-java libjboss-common-java libowasp-antisamy-java libspring-java libxmlrpc3-java lucene-solr maven-docck-plugin netbeans not-yet-commons-ssl openid4java triplea wagon wagon2 Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org> libreoffice Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org> biomaj Debian Orbital Alignment Team <pkg-java-maintainers@lists.alioth.debian.org> eclipse Emmanuel Bourg <ebourg@apache.org> axis (U) jakarta-jmeter (U) libxmlrpc3-java (U) wagon (U) wagon2 (U) Graziano Obertelli <graziano@eucalyptus.com> mule (U) Jakub Adam <jakub.adam@ktknet.cz> axis (U) eclipse (U) libxmlrpc3-java (U) lucene-solr (U) James Page <james.page@canonical.com> ant-contrib (U) James Page <james.page@ubuntu.com> jenkins (U) jenkins-htmlunit (U) lucene-solr (U) James Page <jamespage@debian.org> jenkins-json (U) Jimmy Kaplowitz <jimmy@debian.org> eclipse (U) Kalle Kivimaa <killer@debian.org> jabsorb (U) Kumar Appaiah <akumar@debian.org> jftp (U) Kyo Lee <kyo.lee@eucalyptus.com> mule (U) Ludovic Claude <ludovic.claude@laposte.net> ivy (U) maven-docck-plugin (U) wagon (U) Markus Koschany <apo@gambaru.de> netbeans (U) Mat Scales <mat@wibbly.org.uk> lucene-solr (U) Matthew Vernon <matthew@debian.org> libowasp-antisamy-java (U) not-yet-commons-ssl (U) Miguel Landaeta <miguel@miguel.cc> ivy (U) jets3t (U) Miguel Landaeta <nomadium@debian.org> libspring-java (U) openid4java (U) Niels Thykier <niels@thykier.net> eclipse (U) jabsorb (U) jftp (U) libjboss-common-java (U) Olivier Sallou <osallou@debian.org> biomaj (U) Olivier Weinstoerffer <olivier.weinstoerffer@gmail.com> openid4java (U) Onkar Shinde <onkarshinde@ubuntu.com> jakarta-jmeter (U) Rene Engelhard <rene@debian.org> libreoffice (U) Scott Howard <showard@debian.org> triplea (U) Steffen Moeller <moeller@debian.org> mule (U) Torsten Werner <twerner@debian.org> axis (U) ivy (U) jajuk (U) libjboss-common-java (U) libxmlrpc3-java (U) wagon (U) Varun Hiremath <varun@debian.org> ivy (U) jajuk (U) jftp (U) libexml-java (U) libjboss-common-java (U) Xavier Oswald <xoswald@debian.org> openid4java (U)
Attachment:
signature.asc
Description: OpenPGP digital signature