
Re: tomcat9 in buster-backports vs. security

From Thorsten Glaser <t.glaser@tarent.de>
Newsgroups linux.debian.maint.java
Subject Re: tomcat9 in buster-backports vs. security
Date 2021-08-10 22:50 +0200
Message-ID <CKGRc-Su-1@gated-at.bofh.it> (permalink)
References <CKGet-FO-3@gated-at.bofh.it> <CKGHv-P2-1@gated-at.bofh.it>
Organization linux.* mail to news gateway



On Tue, 10 Aug 2021, Markus Koschany wrote:

> Currently I don't plan to update the bpo version of Tomcat 9 in Buster. If you
> prefer the latest updates then I'd suggest to focus on bullseye-backports from

I think you misunderstood the intention of this request.

Packages in $version-backports have to be up-to-date wrt.
their corresponding packages from $(version+1), except
small, not very user-visible, etc. changes.

In the case of security updates, this is even more important.

The person who uploaded the first backport basically agreed
to keep the tomcat9 backport up-to-date over the lifetime of
buster-backports, that is, to approximately 14/15ᵗʰ August 2022(!).

> now on. I am not sure yet if the regression which I have fixed in
> 9.0.43-3 requires another security update for bullseye or buster at
> the moment, since an easy workaround is available and probably not
> many users are affected. I will monitor the situation though.

Right.

However, if you’re not intending to update the buster backport,
please file a removal request and inform the users (via the bpo
mailing list) about this and the extant security issues in the
version they have installed.

Thanks,
//mirabilos

ObPlug:	http://www.mirbsd.org/~tg/Debs/dists/buster/lts/Pkgs/tomcat9/
	is what I try to keep reasonably up to date. It also contains
	the sysvinit fixes. It’s built in a bullseye chroot though,
	and as such does NOT follow the bpo rules. It’s a works-for-me
	thing which one MAY use if they want, at their own risk.
-- 
Infrastructure expert • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephone +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

