On 12 March 2014 14:33, Emmanuel Bourg <ebo...@apache.org> wrote: > For the record I pushed the latest version of tomcat7 to > wheezy-backports. I do agree that uploading the new versions of Tomcat > to fix security issues would be much better than backporting the changes > to the version in stable. Tomcat is very stable and well tested, the > risk of regression is low.
Ah ... I have found otherwise. In particular, the Tomcat project doesn't understand backwards compatibility for minor versions. e.g. https://issues.apache.org/bugzilla/show_bug.cgi?id=45015 is where someone thought making the quote rules tighter and giving an error rather than a warning would be the best possible idea for a minor-number bugfix release, and never mind huge existing code bases such as the one at my day job. We had a lot of fun with that one. So I'd be quite careful with trusting Tomcat minor version upgrades. Having been bitten, I don't. - d. -- To UNSUBSCRIBE, email to debian-java-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/CAJ0tu1HDwq7dieGie+2N2gk=hi7s70mdofed_s3thj7kh+c...@mail.gmail.com
