[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Unsupported packages for Wheezy LTS

Am 19.11.2015 um 21:45 schrieb Moritz Mühlenhoff:
> Another package which needs to be sorted out is the support for
> Java. wheezy has both openjdk-6 and openjdk-7 (jessie has only
> -7 and stretch will also only have one version).
> Currently the maintenance heavily relies on the gruntwork done
> by Matthias Klose (and recently indirectly Tiago St�rmer Daitx):
> The unstable releases are backported.
> It needs to be sorted with them out how long these openjdk-6
> uploads will be available in experimental (and how long upstream
> support in icedtea will happen). Otherwise it might make more
> sense to only support openjdk-7 in Debian LTS. Some rdeps in
> wheezy will not allow that, but I think most people use openjdk
> to run external java apps and not the Java apps packaged in
> Debian (with maybe Tomcat as the exception).


I believe Debian Java is more than just OpenJDK and Tomcat and it is
rather discouraging to read that "most people use openjdk to run
external java apps and not the Java apps packaged in Debian". The Debian
Java team alone maintains about 900 source packages and according to
popcon there are several packages besides Tomcat with a significant user

I suggest to keep the Java team involved when it comes to security
support in LTS releases, so that we can help to identify important
packages and sort things out. There are some Java packages which have no
security implications at all (API packages) and others that deserve more
attention and where we gladly accept help from the (LTS-) security team.
I think I am not the only one who is interested in improving the
security support for Java packages but we should really discuss this
together. For what it's worth security support for OpenJDK 6 can be
dropped at some time during Wheezy LTS. It is sensible to advise users
to switch to OpenJDK 7 then. Most packages should continue to work
because they were compiled against version 5 anyway.



Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: