Re: RFC: tomcat8 in the remaining jessie lifecycle
On Sat, Jun 30, 2018 at 04:24:24PM +0200, Markus Koschany wrote:
> Am 30.06.2018 um 04:00 schrieb Roberto C. Sánchez:
> [...]
> > Comments and suggestions are most welcome.
>
> I would suggest to fix the open CVE via patches for now. Being EOL does
> not necessarily mean that we cannot backport fixes from the 8.5 branch
> but at some point upgrading from 8.x to 8.5 might be the only viable
> option. At the moment I recommend to refrain from marking Tomcat 8 EOL.
>
That makes sense. I have already prepared the necessary patches and I
am now trying to ensure that the unit test failures I am seeing do not
indicate a regression as a result from the patches I introduced.
I don't think that we need to make an EOL decision/announcement with any
urgency at this point. However, it is sensible to at least have a
discussion on it so that when the time comes it will not be the first
discussion of it.
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: