On 2013-01-15 00:57, David Prévot wrote: > tags 698108 + patch > thanks > > Dear maintainer, > > I've prepared an NMU for java-package (versioned as 0.50+nmu2) and > uploaded it to DELAYED/2. Please feel free to tell me if I > should delay it longer (or even if I should dcut it to 0-day, given the > security matter). > > If you prefer to fix it in another not intrusive way (not c1fb4d0), I'm > happy to (quickly) sponsor your package too. > > Regards. > > David > > [...]
Seems to me your patch will prevent anyone from using java-package on the older Java7 binaries. If we do remove this support because they are infested with security issues making them unsuitable for anything at all[1], I think it should have a nice little error message saying "Nope, won't do this - That version is vulnerable/unsupported/$whatever". Just so people are aware it is a deliberate choice from "our" side and not a buggy script crashing. (Particularly people have been using it with older versions before. They might be surprised to see that non-descriptive error message the reporter included in the original mail). ~Niels [1] Something I would find entirely plausible at this point. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
