openjdk team mailing list archive
-
openjdk team
-
Mailing list archive
-
Message #08801
Bug#675495: downgrading the severity of #675495 (openjdk-6 in wheezy)
On Tue, Aug 28, 2012 at 17:43:57 +0200, Moritz Muehlenhoff wrote:
> OpenJDK Security support has always been a nightmare for the security
> team because there was no support from the maintainers. Security support
> s primarily the responsibility of the maintainer.
>
> If you dump two packages in the archive without taking any precautions
> to get a clean solution this only makes things worse. In any case we
> cannot hide the issue under the carpet. We have three options:
>
> - Drop openjdk6 from Wheezy (and proceed with the needed changes to allow
> that)
> - The Java maintainers take up the responsibility and step up to support
> openjdk6 in stable- and oldstable-security for Wheezy
> - A note is being added to the release notes that openjdk6 is unmaintained
> security-wise in Wheezy and should not generally be used
>
Dumping this issue to the release notes doesn't sound like a reasonable
option if there are lots of other packages still depending on it. We
might as well drop all those packages, IMO.
Cheers,
Julien
Follow ups
References