Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.maint.java > #8406

Transition from libcommons-httpclient-java to libhttpclient-java

From Markus Koschany <apo@gambaru.de>
Newsgroups linux.debian.maint.java
Subject Transition from libcommons-httpclient-java to libhttpclient-java
Date 2015-09-30 20:20 +0200
Message-ID <qeu8V-4ns-13@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

Hi,

I think we should file bug reports and start replacing
libcommons-httpclient-java with libhttpclient-java.

Reasoning:

commons-httpclient is obsolete and has been EOL since 2011. It is no
longer supported and was/is affected by multiple security issues. [1]

I suggest to file bug reports with severity "Important" and to raise the
severity to serious when the list of rdeps is small. The goal is to
remove libcommons-httpclient-java during the Stretch release cycle.

Most of the 34 reverse-dependencies [2] are maintained by us. Complete
dd-list is attached.

There are more packages which should be removed (libservlet2.5-java
comes to mind). More ideas?

My proposed bug report template:

Tags: sid stretch
User: pkg-java-maintainers@lists.alioth.debian.org
Usertags: oldlibs commons-httpclient


Hi,

#PACKAGE# depends on libcommons-httpclient-java, which is obsolete and
has reached EOL status since 2011. It is no longer supported upstream
and was affected by multiple security issues in the recent past.
#PACKAGE# should be ported to the new libhttpclient-java version, so
that we can remove the old, unmaintained one.

Please try to do this before the Stretch release as we are going to try
to remove libcommons-httpclient-java this cycle.

We will bump this issue to serious when the list of rdeps is small and
we are getting ready to remove libcommons-httpclient-java completely.

If you have any questions don't hesitate to ask.

On behalf of the Debian Java Maintainers

Markus



[1] https://bugs.debian.org/781063
[2]

not-yet-commons-ssl
ivy
ant-contrib
netbeans
wsdl2c
activemq
commons-vfs
libspring-java
jenkins-json
libxmlrpc3-java
jftp
wagon
jajuk
spring-build
wagon2
libexml-java
jenkins
axis
jackrabbit
eclipse
mule
maven-docck-plugin
biomaj
triplea
openid4java
lucene-solr
libjboss-common-java
jets3t
jenkins-htmlunit
libreoffice
libowasp-antisamy-java
jakarta-jmeter
jabsorb
jspwiki

Back to linux.debian.maint.java | Previous | NextNext in thread | Find similar

Thread

Transition from libcommons-httpclient-java to libhttpclient-java Markus Koschany <apo@gambaru.de> - 2015-09-30 20:20 +0200
  Re: Transition from libcommons-httpclient-java to libhttpclient-java Emmanuel Bourg <ebourg@apache.org> - 2015-09-30 22:00 +0200
    Re: Transition from libcommons-httpclient-java to libhttpclient-java Markus Koschany <apo@gambaru.de> - 2015-10-01 09:10 +0200
      Re: Transition from libcommons-httpclient-java to libhttpclient-java Markus Koschany <apo@gambaru.de> - 2015-10-05 19:00 +0200

csiph-web