[ wearing the hat of the debian-security-support maintainer ] Raphael Hertzog wrote... > Thus I believe that we should mark the package as <end-of-life> and > recognize officially our inability to handle this package. As I have no particular opinion about that package, some general remarks: Ending support for a certain package always introduces a risk other packages are affected, too. So part of such a removal request should include an analyis about that. Now a quick glance at the reverse dependencies on packages that are build from src:glassfish reveals the following dependencies will become unsatisfyable, read: They'll point to unsupported packages ([s]uggest, [r]ecommends, depends else). libred5-java libopenjpa-java libjsf-api-java (s) libspring-webflow-2.0-java libspring-web-2.5-java (s) libspring-tx-2.5-java (r) libspring-jms-2.5-java libspring-context-2.5-java (r) libhibernate-validator-java libcommons-dbcp-java (s) liblogback-java (s) libeclipselink-java Question to those who are acquainted with these packages: Is this acceptable? Is there a feasible solution for users who are affected by this? > If there are no objections, I'll file a bug against > debian-security-support to request this. That shouldn't be necessary, a word from the security team will be sufficient. It wouldn't hurt, though. Christoph
Attachment:
signature.asc
Description: Digital signature