[I'm CC'ing debian-java so that we have more feedback] On Tue, Dec 09, 2003 at 02:47:00PM +0000, José Fonseca wrote: > Brian, I'm going to check what the problem you describe. [...] > > On Tue, Dec 09, 2003 at 09:36:05AM -0500, Brian Almeida wrote: > > Hi, > > > > I discovered a grave bug with j2re1.4 1.4.1.01-1 ... > > it overwrites kerberos binarys with symlinks to /etc/alternatives, > > which symlink to /usr/lib/j2se/1.4/bin/<binary>!
With the current wave attacks I was concerned the same had happened to the packages, but thankfully that's not the case. Not only that but the kerberos stuff is included in *all* java binaries I checked, including the original Blackdown's j2se1.4-i386-1.4.0.99beta and the recent Sun's j2sdk-1.4.2.02. Hubert Schmid's mpkg-j2sdk/j2se-package packages do the same thing AFAICT. > > Why on earth is java providing kerberos stuff? I don't know the answer for that, but I'll try to find out. Most likely java binaries have dependencies on kerberos binaries, and Sun decided to include them to cope with the wide variety of linux distributions out there. > > The binaries from krb5-user work fine. > > Please fix it so it doesn't clobber klist/kinit/etc! I guess there are too alternatives here: a) don't include kerbero stuff and depend on the respectives debian packages. b) include the alternatives but with a lower priority I'm inclined towards a) as I believe the less we rely on external binaries the better. Does anybody disagree? José Fonseca -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
