Bug#781063: commons-httpclient: should be removed from Debian during the Stretch release cycle
Markus Koschany
apo at gambaru.de
Tue Mar 24 11:51:04 UTC 2015
On 24.03.2015 12:30, Emmanuel Bourg wrote:
> I don't think this is a good idea. commons-httpclient is a very popular
> library, even in its older incarnation. Removing it could make it harder
> to bring new libraries or applications to Debian.
>
Hi,
well, this contradicts what Debian already recommends to users. The
package description of libhttpclient-java states:
"HttpComponents Client is a successor of and replacement for Commons
HttpClient 3.x. Users of Commons HttpClient are strongly encouraged to
upgrade."
It will be much harder in the future to fix security issues when there
is no upstream support and apparently commons-httpclient won't be
developed anymore in favor of libhttpclient-java and Co. The
dependencies should be changed whenever possible to the new and
maintained implementation because this is what we do for all libraries
and applications across the distribution. There will be cases where it
is not as simple but at least we should try to reduce the security risk
and maintenance burden.
Regards,
Markus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20150324/0b5d630d/attachment.sig>
More information about the pkg-java-maintainers
mailing list