Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Java (http://www.linux-archive.org/debian-java/)
-   -   glassfish-* packages no longer maintained (http://www.linux-archive.org/debian-java/684937-glassfish-packages-no-longer-maintained.html)

Benjamin Jaton 07-18-2012 05:39 PM

glassfish-* packages no longer maintained
 
Hello,

The packages glassfish-* shipped in all the version of Debian are version 2.1.1.
The glassfish v2 open souce code hasn't received any updates since 2010, not even critical security updates.
( https://svn.java.net/svn/glassfish~svn/trunk/v2/ )



Only the Oracle Enterprise version is still maintained.
Even if those are not the full server stack ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964 ), they may contains security flaws.


We just don't know, right?

The v3 version is very stable and actively maintained. I would consider shipping it instead of v2.

Thanks,
Benjamin Jaton

Benjamin Jaton 07-18-2012 05:48 PM

glassfish-* packages no longer maintained
 
Let me clarify:
What I am saying is that upstream is no longer maintaining it.
The Glassfish open source team has made a commit in v2 since 2010.

On Wed, Jul 18, 2012 at 10:39 AM, Benjamin Jaton <benjamin.jaton@gmail.com> wrote:

Hello,

The packages glassfish-* shipped in all the version of Debian are version 2.1.1.
The glassfish v2 open souce code hasn't received any updates since 2010, not even critical security updates.

( https://svn.java.net/svn/glassfish~svn/trunk/v2/ )



Only the Oracle Enterprise version is still maintained.
Even if those are not the full server stack ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964 ), they may contains security flaws.



We just don't know, right?

The v3 version is very stable and actively maintained. I would consider shipping it instead of v2.

Thanks,
Benjamin Jaton

Sylvestre Ledru 07-18-2012 10:14 PM

glassfish-* packages no longer maintained
 
Le 18/07/2012 19:39, Benjamin Jaton a écrit*:
Hello,



The packages glassfish-* shipped in all the version of Debian are
version 2.1.1.

The glassfish v2 open souce code hasn't received any updates since
2010, not even critical security updates.

( https://svn.java.net/svn/glassfish~svn/trunk/v2/
)

Only the Oracle Enterprise version is still maintained.

Even if those are not the full server stack ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964
), they may contains security flaws.

We just don't know, right?



The v3 version is very stable and actively maintained. I would
consider shipping it instead of v2.




Thanks for the information.

Do you think we should ask for a removal in Wheezy ?

Are you volunteer to package the v3 ?



ThanksS

Benjamin Jaton 07-19-2012 03:38 PM

glassfish-* packages no longer maintained
 
>From there I don't know, I feel like it should be removed for safety but other packages rely on them.
Unfortunately I won't be a volunteer to package the v3.

Ben

On Wed, Jul 18, 2012 at 3:14 PM, Sylvestre Ledru <sylvestre@debian.org> wrote:






Le 18/07/2012 19:39, Benjamin Jaton a écrit*:
Hello,



The packages glassfish-* shipped in all the version of Debian are
version 2.1.1.

The glassfish v2 open souce code hasn't received any updates since
2010, not even critical security updates.

( https://svn.java.net/svn/glassfish~svn/trunk/v2/
)

Only the Oracle Enterprise version is still maintained.

Even if those are not the full server stack ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964
), they may contains security flaws.

We just don't know, right?



The v3 version is very stable and actively maintained. I would
consider shipping it instead of v2.




Thanks for the information.

Do you think we should ask for a removal in Wheezy ?

Are you volunteer to package the v3 ?



ThanksS


All times are GMT. The time now is 10:21 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.