Path: csiph.com!eternal-september.org!feeder.eternal-september.org!aioe.org!bofh.it!news.nic.it!robomod From: Markus Koschany Newsgroups: linux.debian.maint.java Subject: Transition from libcommons-httpclient-java to libhttpclient-java Date: Wed, 30 Sep 2015 20:20:01 +0200 Message-ID: X-Original-To: "debian-java@lists.debian.org" X-Mailbox-Line: From debian-java-request@lists.debian.org Wed Sep 30 18:19:56 2015 Old-Return-Path: X-Amavis-Spam-Status: No, score=-9.7 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, GMAIL=1, LDO_WHITELIST=-5, MEDS2=2, PGPSIGNATURE=-5, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no X-Policyd-Weight: using cached result; rate: -6.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.7.0 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="diafcwI8hJRFwjrOamT9LM8jKvKk4IPmN" X-Sa-Exim-Scanned: No (on richard.fcube.de); SAEximRunCond expanded to false X-Mailing-List: archive/latest/18720 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/560C27B9.1060009@gambaru.de Approved: robomod@news.nic.it Lines: 195 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Date: Wed, 30 Sep 2015 20:19:37 +0200 X-Original-Message-ID: <560C27B9.1060009@gambaru.de> Xref: csiph.com linux.debian.maint.java:8406 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --diafcwI8hJRFwjrOamT9LM8jKvKk4IPmN Content-Type: multipart/mixed; boundary="------------050501060600090709030102" This is a multi-part message in MIME format. --------------050501060600090709030102 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hi, I think we should file bug reports and start replacing libcommons-httpclient-java with libhttpclient-java. Reasoning: commons-httpclient is obsolete and has been EOL since 2011. It is no longer supported and was/is affected by multiple security issues. [1] I suggest to file bug reports with severity "Important" and to raise the severity to serious when the list of rdeps is small. The goal is to remove libcommons-httpclient-java during the Stretch release cycle. Most of the 34 reverse-dependencies [2] are maintained by us. Complete dd-list is attached. There are more packages which should be removed (libservlet2.5-java comes to mind). More ideas? My proposed bug report template: Tags: sid stretch User: pkg-java-maintainers@lists.alioth.debian.org Usertags: oldlibs commons-httpclient Hi, #PACKAGE# depends on libcommons-httpclient-java, which is obsolete and has reached EOL status since 2011. It is no longer supported upstream and was affected by multiple security issues in the recent past. #PACKAGE# should be ported to the new libhttpclient-java version, so that we can remove the old, unmaintained one. Please try to do this before the Stretch release as we are going to try to remove libcommons-httpclient-java this cycle. We will bump this issue to serious when the list of rdeps is small and we are getting ready to remove libcommons-httpclient-java completely. If you have any questions don't hesitate to ask. On behalf of the Debian Java Maintainers Markus [1] https://bugs.debian.org/781063 [2] not-yet-commons-ssl ivy ant-contrib netbeans wsdl2c activemq commons-vfs libspring-java jenkins-json libxmlrpc3-java jftp wagon jajuk spring-build wagon2 libexml-java jenkins axis jackrabbit eclipse mule maven-docck-plugin biomaj triplea openid4java lucene-solr libjboss-common-java jets3t jenkins-htmlunit libreoffice libowasp-antisamy-java jakarta-jmeter jabsorb jspwiki --------------050501060600090709030102 Content-Type: text/plain; charset=UTF-8; name="commons-httpclient.dd-list" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="commons-httpclient.dd-list" QWRuYW4gSG9kemljIDxhZG5hbkBmb29sY29udHJvbC5vcmc+CiAgIGVjbGlwc2UgKFUpCiAg IGpzcHdpa2kgKFUpCgpBbmRyZXMgTWVqaWEgPGFtZWppYUBkZWJpYW4ub3JnPgogICBlY2xp cHNlIChVKQoKQW5kcmV3IFJvc3MgPHVidW50dUByb3NzZmFtaWx5LmNvLnVrPgogICBuZXRi ZWFucyAoVSkKCkJyaWFuIFRob21hc29uIDxicmlhbi50aG9tYXNvbkBldWNhbHlwdHVzLmNv bT4KICAgbXVsZSAoVSkKICAgd3NkbDJjIChVKQoKQ2hhcmxlcyBQbGVzc3kgPHBsZXNzeUBk ZWJpYW4ub3JnPgogICBtdWxlIChVKQoKQ2hyaXMgR3J6ZWdvcmN6eWsgPGdyemVAZXVjYWx5 cHR1cy5jb20+CiAgIG11bGUgKFUpCgpDaHJpcyBIYWxscyA8aGFsbHNAZGViaWFuLm9yZz4K ICAgbGlicmVvZmZpY2UgKFUpCgpEYW1pZW4gUmF1ZGUtTW9ydmFuIDxkcmF6emliQGRlYmlh bi5vcmc+CiAgIGFjdGl2ZW1xIChVKQogICBheGlzIChVKQogICBjb21tb25zLXZmcyAoVSkK ICAgamFja3JhYmJpdCAoVSkKICAgamFqdWsgKFUpCiAgIGxpYnNwcmluZy1qYXZhIChVKQog ICBsaWJ4bWxycGMzLWphdmEgKFUpCiAgIHNwcmluZy1idWlsZAogICB3YWdvbjIgKFUpCgpE ZWJpYW4gRXVjYWx5cHR1cyBNYWludGFpbmVycyA8cGtnLWV1Y2FseXB0dXMtbWFpbnRhaW5l cnNAbGlzdHMuYWxpb3RoLmRlYmlhbi5vcmc+CiAgIG11bGUKICAgd3NkbDJjCgpEZWJpYW4g SmF2YSBtYWludGFpbmVycyA8cGtnLWphdmEtbWFpbnRhaW5lcnNAbGlzdHMuYWxpb3RoLmRl Ymlhbi5vcmc+CiAgIGpmdHAKCkRlYmlhbiBKYXZhIE1haW50YWluZXJzIDxwa2ctamF2YS1t YWludGFpbmVyc0BsaXN0cy5hbGlvdGguZGViaWFuLm9yZz4KICAgYWN0aXZlbXEKICAgYW50 LWNvbnRyaWIKICAgYXhpcwogICBjb21tb25zLXZmcwogICBpdnkKICAgamFic29yYgogICBq YWNrcmFiYml0CiAgIGphanVrCiAgIGpha2FydGEtam1ldGVyCiAgIGplbmtpbnMKICAgamVu a2lucy1odG1sdW5pdAogICBqZW5raW5zLWpzb24KICAgamV0czN0CiAgIGpzcHdpa2kKICAg bGliZXhtbC1qYXZhCiAgIGxpYmpib3NzLWNvbW1vbi1qYXZhCiAgIGxpYm93YXNwLWFudGlz YW15LWphdmEKICAgbGlic3ByaW5nLWphdmEKICAgbGlieG1scnBjMy1qYXZhCiAgIGx1Y2Vu ZS1zb2xyCiAgIG1hdmVuLWRvY2NrLXBsdWdpbgogICBuZXRiZWFucwogICBub3QteWV0LWNv bW1vbnMtc3NsCiAgIG9wZW5pZDRqYXZhCiAgIHRyaXBsZWEKICAgd2Fnb24KICAgd2Fnb24y CgpEZWJpYW4gTGlicmVPZmZpY2UgTWFpbnRhaW5lcnMgPGRlYmlhbi1vcGVub2ZmaWNlQGxp c3RzLmRlYmlhbi5vcmc+CiAgIGxpYnJlb2ZmaWNlCgpEZWJpYW4gTWVkIFBhY2thZ2luZyBU ZWFtIDxkZWJpYW4tbWVkLXBhY2thZ2luZ0BsaXN0cy5hbGlvdGguZGViaWFuLm9yZz4KICAg YmlvbWFqCgpEZWJpYW4gT3JiaXRhbCBBbGlnbm1lbnQgVGVhbSA8cGtnLWphdmEtbWFpbnRh aW5lcnNAbGlzdHMuYWxpb3RoLmRlYmlhbi5vcmc+CiAgIGVjbGlwc2UKCkVtbWFudWVsIEJv dXJnIDxlYm91cmdAYXBhY2hlLm9yZz4KICAgYXhpcyAoVSkKICAgamFrYXJ0YS1qbWV0ZXIg KFUpCiAgIGxpYnhtbHJwYzMtamF2YSAoVSkKICAgd2Fnb24gKFUpCiAgIHdhZ29uMiAoVSkK CkdyYXppYW5vIE9iZXJ0ZWxsaSA8Z3Jhemlhbm9AZXVjYWx5cHR1cy5jb20+CiAgIG11bGUg KFUpCgpKYWt1YiBBZGFtIDxqYWt1Yi5hZGFtQGt0a25ldC5jej4KICAgYXhpcyAoVSkKICAg ZWNsaXBzZSAoVSkKICAgbGlieG1scnBjMy1qYXZhIChVKQogICBsdWNlbmUtc29sciAoVSkK CkphbWVzIFBhZ2UgPGphbWVzLnBhZ2VAY2Fub25pY2FsLmNvbT4KICAgYW50LWNvbnRyaWIg KFUpCgpKYW1lcyBQYWdlIDxqYW1lcy5wYWdlQHVidW50dS5jb20+CiAgIGplbmtpbnMgKFUp CiAgIGplbmtpbnMtaHRtbHVuaXQgKFUpCiAgIGx1Y2VuZS1zb2xyIChVKQoKSmFtZXMgUGFn ZSA8amFtZXNwYWdlQGRlYmlhbi5vcmc+CiAgIGplbmtpbnMtanNvbiAoVSkKCkppbW15IEth cGxvd2l0eiA8amltbXlAZGViaWFuLm9yZz4KICAgZWNsaXBzZSAoVSkKCkthbGxlIEtpdmlt YWEgPGtpbGxlckBkZWJpYW4ub3JnPgogICBqYWJzb3JiIChVKQoKS3VtYXIgQXBwYWlhaCA8 YWt1bWFyQGRlYmlhbi5vcmc+CiAgIGpmdHAgKFUpCgpLeW8gTGVlIDxreW8ubGVlQGV1Y2Fs eXB0dXMuY29tPgogICBtdWxlIChVKQoKTHVkb3ZpYyBDbGF1ZGUgPGx1ZG92aWMuY2xhdWRl QGxhcG9zdGUubmV0PgogICBpdnkgKFUpCiAgIG1hdmVuLWRvY2NrLXBsdWdpbiAoVSkKICAg d2Fnb24gKFUpCgpNYXJrdXMgS29zY2hhbnkgPGFwb0BnYW1iYXJ1LmRlPgogICBuZXRiZWFu cyAoVSkKCk1hdCBTY2FsZXMgPG1hdEB3aWJibHkub3JnLnVrPgogICBsdWNlbmUtc29sciAo VSkKCk1hdHRoZXcgVmVybm9uIDxtYXR0aGV3QGRlYmlhbi5vcmc+CiAgIGxpYm93YXNwLWFu dGlzYW15LWphdmEgKFUpCiAgIG5vdC15ZXQtY29tbW9ucy1zc2wgKFUpCgpNaWd1ZWwgTGFu ZGFldGEgPG1pZ3VlbEBtaWd1ZWwuY2M+CiAgIGl2eSAoVSkKICAgamV0czN0IChVKQoKTWln dWVsIExhbmRhZXRhIDxub21hZGl1bUBkZWJpYW4ub3JnPgogICBsaWJzcHJpbmctamF2YSAo VSkKICAgb3BlbmlkNGphdmEgKFUpCgpOaWVscyBUaHlraWVyIDxuaWVsc0B0aHlraWVyLm5l dD4KICAgZWNsaXBzZSAoVSkKICAgamFic29yYiAoVSkKICAgamZ0cCAoVSkKICAgbGliamJv c3MtY29tbW9uLWphdmEgKFUpCgpPbGl2aWVyIFNhbGxvdSA8b3NhbGxvdUBkZWJpYW4ub3Jn PgogICBiaW9tYWogKFUpCgpPbGl2aWVyIFdlaW5zdG9lcmZmZXIgPG9saXZpZXIud2VpbnN0 b2VyZmZlckBnbWFpbC5jb20+CiAgIG9wZW5pZDRqYXZhIChVKQoKT25rYXIgU2hpbmRlIDxv bmthcnNoaW5kZUB1YnVudHUuY29tPgogICBqYWthcnRhLWptZXRlciAoVSkKClJlbmUgRW5n ZWxoYXJkIDxyZW5lQGRlYmlhbi5vcmc+CiAgIGxpYnJlb2ZmaWNlIChVKQoKU2NvdHQgSG93 YXJkIDxzaG93YXJkQGRlYmlhbi5vcmc+CiAgIHRyaXBsZWEgKFUpCgpTdGVmZmVuIE1vZWxs ZXIgPG1vZWxsZXJAZGViaWFuLm9yZz4KICAgbXVsZSAoVSkKClRvcnN0ZW4gV2VybmVyIDx0 d2VybmVyQGRlYmlhbi5vcmc+CiAgIGF4aXMgKFUpCiAgIGl2eSAoVSkKICAgamFqdWsgKFUp CiAgIGxpYmpib3NzLWNvbW1vbi1qYXZhIChVKQogICBsaWJ4bWxycGMzLWphdmEgKFUpCiAg IHdhZ29uIChVKQoKVmFydW4gSGlyZW1hdGggPHZhcnVuQGRlYmlhbi5vcmc+CiAgIGl2eSAo VSkKICAgamFqdWsgKFUpCiAgIGpmdHAgKFUpCiAgIGxpYmV4bWwtamF2YSAoVSkKICAgbGli amJvc3MtY29tbW9uLWphdmEgKFUpCgpYYXZpZXIgT3N3YWxkIDx4b3N3YWxkQGRlYmlhbi5v cmc+CiAgIG9wZW5pZDRqYXZhIChVKQoK --------------050501060600090709030102-- --diafcwI8hJRFwjrOamT9LM8jKvKk4IPmN Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJWDCe7XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1HkKi0P/iXqHfqzf/KvGB8Hiuv5YRRH bRhyZSbvlUj71Y57zGbLSTzphepQCnAk+D8VVtmDCzmH8zy2o9tvd7yNtNy9ceAO B9ZxqWEKdueBSRglim+U6IxrwWc+ANWTgu+Rhxpl9uIEjqdvGQ7AX/YHomcF/luM zyK+rC0wQhS1HUlYWk5cmAh0m+x3ulC7d93kfv2sBqNkdhEaS1eXLEB0eTmzd8/d hE7QWtn9rTG9dqJBmj6oQvl2CZpd2XnH7WCsIh+zkVA0vux8Z2k8kBEo0G8RVgDA /XSov06CLek8C5ijFnkoRJlSyIznA42fUEVWoyzMKu8hs+i3zeiqKUxh2WmA4twG YGoFzPtEF6KDuu1hJC6m/QVgtXgYEEawAp6WI5Erh9qO6CsvS7RXhFhzmwwRD/8z HFYrFZCNHTFg3R8vqctTAV97QUVWtDvu/1jBjSMwNfHhLRhsvlYfdnPz4E8KpMWG OON4ydFnaqu8UHRtuSwC+P3fl6xpbis069YU5jOidfRr2SF3jM+ZsdYpzB0kbbab WI+EM7L0V+XA1/STgxMi6D/RFgiz8hXP7Vo59Ic6TAKvyzzaJHXE1Y7/YSQ8JYXr sy1060vJ8neTvjeFj+T0EAE+QbzoZlM2ClzhnTC5WjGAjhGTzbc2tsLkTPVEDEoF Tsa2Pw83bGPU/Wfp4+ZH =zYce -----END PGP SIGNATURE----- --diafcwI8hJRFwjrOamT9LM8jKvKk4IPmN--