On Wed, Jul 29, 2015 at 10:00:16AM +0100, Russel Winder wrote:
> Emmanuel, Miguel,

Hi Russel,

> 
> Apache Groovy 1.x series is no longer maintained. All effort is now on
> the Apache Groovy 2.4.x and 2.5-SNAPSHOT versions. If Debian is to
> remove Commons CLI 1.2 then I suggest removing the groovy package since
> the groovy2 package is in place already, and is the right version for
> Debian to go with.

That's right. We are no longer maintaining Groovy 1.x although we have
several packages depending on it and our latest Debian stable release
still includes groovy 1.x.

I stumbled upon this bug due to my attempt to fix CVE-2015-3253 in
unstable for groovy 1.8.6 (the published fix is relevant for all
groovy versions since 1.7.0).

I expect to remove groovy eventually but in the meantime we are
applying only security bug fixes. We are working on groovy2 now.

Cheers,

-- 
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
"Faith means not wanting to know what is true." -- Nietzsche
