Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.maint.java > #12782
| Path | csiph.com!fu-berlin.de!bofh.it!news.nic.it!robomod |
|---|---|
| From | Santiago Ruano Rincón <santiagorr@riseup.net> |
| Newsgroups | linux.debian.maint.java |
| Subject | Status of axis in debian |
| Date | Wed, 10 Jul 2024 16:00:01 +0200 |
| Message-ID | <IYG1r-18Vq-5@gated-at.bofh.it> (permalink) |
| References | <IYG1r-18Vq-7@gated-at.bofh.it> |
| X-Original-To | debian-java@lists.debian.org |
| X-Mailbox-Line | From debian-java-request@lists.debian.org Wed Jul 10 13:52:40 2024 |
| Old-Return-Path | <santiagorr@riseup.net> |
| X-Amavis-Spam-Status | No, score=-12.798 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FOURLA=0.1, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001] autolearn=ham autolearn_force=no |
| X-Policyd-Weight | using cached result; rate: -4.6 |
| X-Riseup-User-ID | 3F7B00D9E5375B485B2240AA85EF956232D5C975D5571BF24DB7871E305860C8 |
| MIME-Version | 1.0 |
| Content-Type | multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="hbYp0WIBAp7ASWSZ" |
| Content-Disposition | inline |
| X-Mailing-List | <debian-java@lists.debian.org> archive/latest/23477 |
| List-ID | <debian-java.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-java/> |
| List-Archive | https://lists.debian.org/msgid-search/Zo6SEn5B8qyz4Max@voleno |
| Approved | robomod@news.nic.it |
| Lines | 62 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Cc | team@security.debian.org |
| X-Original-Date | Wed, 10 Jul 2024 10:52:18 -0300 |
| X-Original-Message-ID | <Zo6SEn5B8qyz4Max@voleno> |
| X-Original-References | <Zo6PfdEgCFKDBJFY@voleno> |
| Xref | csiph.com linux.debian.maint.java:12782 |
Show key headers only | View raw
[Multipart message — attachments visible in raw view] - view raw
(Resending to the correct address list; sorry for the noise) El 10/07/24 a las 10:41, Santiago Ruano Rincón escribió: > Dear Java packaging team, > > (Please CC: me when replying, I am not subscribed to the list) > > According to the apache advisory of CVE-2023-51441, axis 1.x has been > EOL'ed upstream: > > https://lists.apache.org/thread/8nrm5thop8f82pglx4o0jg8wmvy6d9yd > > According to the comment by grid on #debian-security, I understand it is > on life support upstream, and there have been fixes for CVEs the last > years, including at least one not-unimportant. However, from the above > mentioned advisory, upstream recommends to migrate to a "different SOAP > engine, such as Apache Axis 2/Java." > > On sid, this is the current list of build dependencies of libaxis-java: > > jalview > jets3t > jglobus > starjava-datanode > starjava-dpac > starjava-topcat > starjava-ttools > starjava-vo > starjava-votable > uimaj > > So my mail is just to start any discussion to see if it would be > appropriate to file bugs on the reverse dependencies, to ask the > maintainers if they could study how feasible is to migrate to another > SOAP engine. > > Any thoughts? > > Cheers, > > -- Santiago
Back to linux.debian.maint.java | Previous | Next — Next in thread | Find similar
Status of axis in debian Santiago Ruano Rincón <santiagorr@riseup.net> - 2024-07-10 16:00 +0200 Re: Status of axis in debian Pierre Gruet <pgt@debian.org> - 2024-07-14 15:20 +0200
csiph-web