FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Java

 
 
LinkBack Thread Tools
 
Old 07-18-2012, 05:39 PM
Benjamin Jaton
 
Default glassfish-* packages no longer maintained

Hello,

The packages glassfish-* shipped in all the version of Debian are version 2.1.1.
The glassfish v2 open souce code hasn't received any updates since 2010, not even critical security updates.
( https://svn.java.net/svn/glassfish~svn/trunk/v2/ )



Only the Oracle Enterprise version is still maintained.
Even if those are not the full server stack ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964 ), they may contains security flaws.


We just don't know, right?

The v3 version is very stable and actively maintained. I would consider shipping it instead of v2.

Thanks,
Benjamin Jaton
 
Old 07-18-2012, 05:48 PM
Benjamin Jaton
 
Default glassfish-* packages no longer maintained

Let me clarify:
What I am saying is that upstream is no longer maintaining it.
The Glassfish open source team has made a commit in v2 since 2010.

On Wed, Jul 18, 2012 at 10:39 AM, Benjamin Jaton <benjamin.jaton@gmail.com> wrote:

Hello,

The packages glassfish-* shipped in all the version of Debian are version 2.1.1.
The glassfish v2 open souce code hasn't received any updates since 2010, not even critical security updates.

( https://svn.java.net/svn/glassfish~svn/trunk/v2/ )



Only the Oracle Enterprise version is still maintained.
Even if those are not the full server stack ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964 ), they may contains security flaws.



We just don't know, right?

The v3 version is very stable and actively maintained. I would consider shipping it instead of v2.

Thanks,
Benjamin Jaton
 
Old 07-18-2012, 10:14 PM
Sylvestre Ledru
 
Default glassfish-* packages no longer maintained

Le 18/07/2012 19:39, Benjamin Jaton a écrit*:
Hello,



The packages glassfish-* shipped in all the version of Debian are
version 2.1.1.

The glassfish v2 open souce code hasn't received any updates since
2010, not even critical security updates.

( https://svn.java.net/svn/glassfish~svn/trunk/v2/
)

Only the Oracle Enterprise version is still maintained.

Even if those are not the full server stack ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964
), they may contains security flaws.

We just don't know, right?



The v3 version is very stable and actively maintained. I would
consider shipping it instead of v2.




Thanks for the information.

Do you think we should ask for a removal in Wheezy ?

Are you volunteer to package the v3 ?



ThanksS
 
Old 07-19-2012, 03:38 PM
Benjamin Jaton
 
Default glassfish-* packages no longer maintained

>From there I don't know, I feel like it should be removed for safety but other packages rely on them.
Unfortunately I won't be a volunteer to package the v3.

Ben

On Wed, Jul 18, 2012 at 3:14 PM, Sylvestre Ledru <sylvestre@debian.org> wrote:






Le 18/07/2012 19:39, Benjamin Jaton a écrit*:
Hello,



The packages glassfish-* shipped in all the version of Debian are
version 2.1.1.

The glassfish v2 open souce code hasn't received any updates since
2010, not even critical security updates.

( https://svn.java.net/svn/glassfish~svn/trunk/v2/
)

Only the Oracle Enterprise version is still maintained.

Even if those are not the full server stack ( http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653964
), they may contains security flaws.

We just don't know, right?



The v3 version is very stable and actively maintained. I would
consider shipping it instead of v2.




Thanks for the information.

Do you think we should ask for a removal in Wheezy ?

Are you volunteer to package the v3 ?



ThanksS
 

Thread Tools




All times are GMT. The time now is 09:48 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org