Le 17/09/2014 12:57, Moritz Muehlenhoff a écrit : > That's not how we handle in Debian: If a library is shipped in Debian, > it is fully supported to be used by local libs. > > Anything in /usr/local or installed through Maven is of course the > responsibility > of the user. > > So we should go ahead with the removal of struts 1.2 by filing RC bugs against > the packages using it.
Well that's sad because this is really a waste of time and our resources are desperately limited :( libstruts1.2-java is not a security threat as used by the other Debian libraries and applications, and upstream even provided a patch for CVE-2014-0114 [1][2] despite the EOL. I'd rather spend this time on other important issues. Emmanuel Bourg [1] https://svn.apache.org/r1603882 [2] https://svn.apache.org/r1603883 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
