Bug#738583: libcglib-java - Uses jarjar without proper copyright or Built-Using
Bastian Blank
waldi at debian.org
Tue Feb 11 20:22:16 UTC 2014
On Tue, Feb 11, 2014 at 08:10:28AM +0100, Emmanuel Bourg wrote:
> Le 11/02/2014 05:16, tony mancill a écrit :
> > Instead of Built-Using or updating debian/copyright, it seems preferable
> > to refactor the source to use the actual libasm3-java JAR, although I
> > haven't yet looked into how much effort that will require.
> Please don't depend on asm3 at runtime. jarjar is used to relocate the
> asm classes under a different package. This is necessary to avoid
> classpath conflicts between different versions of asm.
Have you talked to the security team about this? Where does Debian ship
different versions of asm?
Bastian
--
What kind of love is that? Not to be loved; never to have shown love.
-- Commissioner Nancy Hedford, "Metamorphosis",
stardate 3219.8
More information about the pkg-java-maintainers
mailing list