Hi, I think we should file bug reports and start replacing libcommons-httpclient-java with libhttpclient-java.
Reasoning: commons-httpclient is obsolete and has been EOL since 2011. It is no longer supported and was/is affected by multiple security issues. [1] I suggest to file bug reports with severity "Important" and to raise the severity to serious when the list of rdeps is small. The goal is to remove libcommons-httpclient-java during the Stretch release cycle. Most of the 34 reverse-dependencies [2] are maintained by us. Complete dd-list is attached. There are more packages which should be removed (libservlet2.5-java comes to mind). More ideas? My proposed bug report template: Tags: sid stretch User: pkg-java-maintain...@lists.alioth.debian.org Usertags: oldlibs commons-httpclient Hi, #PACKAGE# depends on libcommons-httpclient-java, which is obsolete and has reached EOL status since 2011. It is no longer supported upstream and was affected by multiple security issues in the recent past. #PACKAGE# should be ported to the new libhttpclient-java version, so that we can remove the old, unmaintained one. Please try to do this before the Stretch release as we are going to try to remove libcommons-httpclient-java this cycle. We will bump this issue to serious when the list of rdeps is small and we are getting ready to remove libcommons-httpclient-java completely. If you have any questions don't hesitate to ask. On behalf of the Debian Java Maintainers Markus [1] https://bugs.debian.org/781063 [2] not-yet-commons-ssl ivy ant-contrib netbeans wsdl2c activemq commons-vfs libspring-java jenkins-json libxmlrpc3-java jftp wagon jajuk spring-build wagon2 libexml-java jenkins axis jackrabbit eclipse mule maven-docck-plugin biomaj triplea openid4java lucene-solr libjboss-common-java jets3t jenkins-htmlunit libreoffice libowasp-antisamy-java jakarta-jmeter jabsorb jspwiki
Adnan Hodzic <ad...@foolcontrol.org> eclipse (U) jspwiki (U) Andres Mejia <ame...@debian.org> eclipse (U) Andrew Ross <ubu...@rossfamily.co.uk> netbeans (U) Brian Thomason <brian.thoma...@eucalyptus.com> mule (U) wsdl2c (U) Charles Plessy <ple...@debian.org> mule (U) Chris Grzegorczyk <g...@eucalyptus.com> mule (U) Chris Halls <ha...@debian.org> libreoffice (U) Damien Raude-Morvan <draz...@debian.org> activemq (U) axis (U) commons-vfs (U) jackrabbit (U) jajuk (U) libspring-java (U) libxmlrpc3-java (U) spring-build wagon2 (U) Debian Eucalyptus Maintainers <pkg-eucalyptus-maintain...@lists.alioth.debian.org> mule wsdl2c Debian Java maintainers <pkg-java-maintain...@lists.alioth.debian.org> jftp Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> activemq ant-contrib axis commons-vfs ivy jabsorb jackrabbit jajuk jakarta-jmeter jenkins jenkins-htmlunit jenkins-json jets3t jspwiki libexml-java libjboss-common-java libowasp-antisamy-java libspring-java libxmlrpc3-java lucene-solr maven-docck-plugin netbeans not-yet-commons-ssl openid4java triplea wagon wagon2 Debian LibreOffice Maintainers <debian-openoff...@lists.debian.org> libreoffice Debian Med Packaging Team <debian-med-packag...@lists.alioth.debian.org> biomaj Debian Orbital Alignment Team <pkg-java-maintain...@lists.alioth.debian.org> eclipse Emmanuel Bourg <ebo...@apache.org> axis (U) jakarta-jmeter (U) libxmlrpc3-java (U) wagon (U) wagon2 (U) Graziano Obertelli <grazi...@eucalyptus.com> mule (U) Jakub Adam <jakub.a...@ktknet.cz> axis (U) eclipse (U) libxmlrpc3-java (U) lucene-solr (U) James Page <james.p...@canonical.com> ant-contrib (U) James Page <james.p...@ubuntu.com> jenkins (U) jenkins-htmlunit (U) lucene-solr (U) James Page <jamesp...@debian.org> jenkins-json (U) Jimmy Kaplowitz <ji...@debian.org> eclipse (U) Kalle Kivimaa <kil...@debian.org> jabsorb (U) Kumar Appaiah <aku...@debian.org> jftp (U) Kyo Lee <kyo....@eucalyptus.com> mule (U) Ludovic Claude <ludovic.cla...@laposte.net> ivy (U) maven-docck-plugin (U) wagon (U) Markus Koschany <a...@gambaru.de> netbeans (U) Mat Scales <m...@wibbly.org.uk> lucene-solr (U) Matthew Vernon <matt...@debian.org> libowasp-antisamy-java (U) not-yet-commons-ssl (U) Miguel Landaeta <mig...@miguel.cc> ivy (U) jets3t (U) Miguel Landaeta <nomad...@debian.org> libspring-java (U) openid4java (U) Niels Thykier <ni...@thykier.net> eclipse (U) jabsorb (U) jftp (U) libjboss-common-java (U) Olivier Sallou <osal...@debian.org> biomaj (U) Olivier Weinstoerffer <olivier.weinstoerf...@gmail.com> openid4java (U) Onkar Shinde <onkarshi...@ubuntu.com> jakarta-jmeter (U) Rene Engelhard <r...@debian.org> libreoffice (U) Scott Howard <show...@debian.org> triplea (U) Steffen Moeller <moel...@debian.org> mule (U) Torsten Werner <twer...@debian.org> axis (U) ivy (U) jajuk (U) libjboss-common-java (U) libxmlrpc3-java (U) wagon (U) Varun Hiremath <va...@debian.org> ivy (U) jajuk (U) jftp (U) libexml-java (U) libjboss-common-java (U) Xavier Oswald <xosw...@debian.org> openid4java (U)
signature.asc
Description: OpenPGP digital signature
