On Tue, Mar 12, 2013 at 6:05 PM, devzero2000 <pinto.e...@gmail.com> wrote:
> On Tue, Mar 12, 2013 at 4:28 PM, Stanislav Ochotnicky < > sochotni...@redhat.com> wrote: > >> Quoting Kevin Fenzi (2013-03-12 15:53:56) >> > On Tue, 12 Mar 2013 13:49:22 +0100 >> > Stanislav Ochotnicky <sochotni...@redhat.com> wrote: >> > >> > > Tomcat6 package in Fedora is old, has several problematic bugs >> > > (including 4 security) and most importantly there's a replacement: >> > > tomcat-7.x >> > > >> > > I believe it is in our (developers as well as users) best interest to >> > > get rid of it. I have sent similar email to java-devel on February >> > > 26th[1], created another tomcat6 bugreport a week ago[2] but I wasn't >> > > successful in reaching David Knox (primary maintainer). >> > > >> > > Note that we already had a bugreport to migrate packages to >> > > tomcat-7[3] and we almost succeeded, but then new packages started >> > > creeping in with dependency on tomcat6. We need to get rid of it ASAP >> > > or we'll be fighting neverending battle. Even as >> > > comaintainer/provenpackager I cannot deprecate package that I do not >> > > own. >> > > >> > > I consider this point 4 of unresponsive maintainer process[4]. >> > > However due to security issues, and package being effectively dead I >> > > wouldn't mind speeding up the process. I might try to bring this up >> > > with FESCO, but process doesn't seem to include any wiggle room there. >> > >> > Feel free to file a fesco ticket and explain whats going on. >> Thanks, filed https://fedorahosted.org/fesco/ticket/1094 >> >> I believe the emails/bugzilla provides enough context but I'll also try >> to attend >> the FESCO meeting to answer any questions. >> > > I have received this today > http://www.exploitthis.com/2013/03/rhsa-20130623-1-important-tomcat6-security-update.html > . > > Dunno if useful. > > Best > >
-- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
