On Tue, Aug 28, 2012 at 17:43:57 +0200, Moritz Muehlenhoff wrote: > OpenJDK Security support has always been a nightmare for the security > team because there was no support from the maintainers. Security support > s primarily the responsibility of the maintainer. > > If you dump two packages in the archive without taking any precautions > to get a clean solution this only makes things worse. In any case we > cannot hide the issue under the carpet. We have three options: > > - Drop openjdk6 from Wheezy (and proceed with the needed changes to allow > that) > - The Java maintainers take up the responsibility and step up to support > openjdk6 in stable- and oldstable-security for Wheezy > - A note is being added to the release notes that openjdk6 is unmaintained > security-wise in Wheezy and should not generally be used > Dumping this issue to the release notes doesn't sound like a reasonable option if there are lots of other packages still depending on it. We might as well drop all those packages, IMO.
Cheers, Julien -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
