Glassfish security support (in Squeeze)

[Raphael Hertzog]

Hello,

while triaging CVE affecting Debian Squeeze I came on glassfish:
https://security-tracker.debian.org/tracker/source-package/glassfish

>From what I gathered, Oracle doesn't provide any useful information to
apply a targeted fix on the current package. The 2.1.x branch is also
no longer maintained upstream.

The only solution would be to import new upstream versions but I think
this is out of scope for such a package, particularly when the current
Debian maintainers have not provided such an updated package yet (I
just filed #762462 about this).

Thus I believe that we should mark the package as <end-of-life> and
recognize officially our inability to handle this package.

If there are no objections, I'll file a bug against
debian-security-support to request this. CC to the security team in case
they want to request the same for Wheezy.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Discover the Debian Administrator's Handbook:
→ http://debian-handbook.info/get/