On 02/11/2014 10:58 PM, Emmanuel Bourg wrote:
> On 12/02/2014 06:31, tony mancill wrote:
>
>> The attribution looks appropriate to me. I changed the version number
>> to we're not uploading a new upstream source version just to switch to
>> XZ compression. That'll take effect with the next up
On 12/02/2014 06:31, tony mancill wrote:
> The attribution looks appropriate to me. I changed the version number
> to we're not uploading a new upstream source version just to switch to
> XZ compression. That'll take effect with the next upstream upload (or
> repack, if that ends up being nec
On 02/11/2014 04:29 AM, Emmanuel Bourg wrote:
> I prepared an update of the cglib package on alioth:
>
> - The Built-Using field has been added
> - debian/copyright now mentions the inclusion of the asm classes
> - the asm license file is now included in cglib-nodep.jar like the jar
> distributed
On 11/02/2014 21:22, Bastian Blank wrote:
> Have you talked to the security team about this? Where does Debian ship
> different versions of asm?
Debian has four versions of asm. Each version is incompatible with the
previous one, and they share the same namespace (org.objectweb.asm.*).
That m
On Tue, Feb 11, 2014 at 08:10:28AM +0100, Emmanuel Bourg wrote:
> On 11/02/2014 05:16, tony mancill wrote:
> > Instead of Built-Using or updating debian/copyright, it seems preferable
> > to refactor the source to use the actual libasm3-java JAR, although I
> > haven't yet looked into how much e
I prepared an update of the cglib package on alioth:
- The Built-Using field has been added
- debian/copyright now mentions the inclusion of the asm classes
- the asm license file is now included in cglib-nodep.jar like the jar
distributed by upstream
Tony, could you please upload this update if
On 11/02/2014 05:16, tony mancill wrote:
> Instead of Built-Using or updating debian/copyright, it seems preferable
> to refactor the source to use the actual libasm3-java JAR, although I
> haven't yet looked into how much effort that will require.
Please don't depend on asm3 at runtime. jarja
On Mon, Feb 10, 2014 at 08:16:10PM -0800, tony mancill wrote:
> Instead of Built-Using or updating debian/copyright, it seems preferable
> to refactor the source to use the actual libasm3-java JAR, although I
> haven't yet looked into how much effort that will require.
cglib internally builds both
On 02/10/2014 12:54 PM, Bastian Blank wrote:
> Package: libcglib-java
> Version: 2.2.2+dfsg-5
> Severity: serious
>
> libcglib-java uses jarjar to incorporate libasm3-java. It does this
> without mentioning the license of the incorporated stuff or even listing
> it as Built-Using.
Hi Bastian,
Th
Package: libcglib-java
Version: 2.2.2+dfsg-5
Severity: serious
libcglib-java uses jarjar to incorporate libasm3-java. It does this
without mentioning the license of the incorporated stuff or even listing
it as Built-Using.
Bastian
-- System Information:
Debian Release: jessie/sid
APT prefers t