On Wed, Jul 29, 2015 at 10:00:16AM +0100, Russel Winder wrote: > Emmanuel, Miguel,
Hi Russel, > > Apache Groovy 1.x series is no longer maintained. All effort is now on > the Apache Groovy 2.4.x and 2.5-SNAPSHOT versions. If Debian is to > remove Commons CLI 1.2 then I suggest removing the groovy package since > the groovy2 package is in place already, and is the right version for > Debian to go with. That's right. We are no longer maintaining Groovy 1.x although we have several packages depending on it and our latest Debian stable release still includes groovy 1.x. I stumbled upon this bug due to my attempt to fix CVE-2015-3253 in unstable for groovy 1.8.6 (the published fix is relevant for all groovy versions since 1.7.0). I expect to remove groovy eventually but in the meantime we are applying only security bug fixes. We are working on groovy2 now. Cheers, -- Miguel Landaeta, nomadium at debian.org secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key. "Faith means not wanting to know what is true." -- Nietzsche
signature.asc
Description: Digital signature