Bug#801026: osgi-compendium: depends on obsolete libservlet2.5-java library

Markus Koschany apo at gambaru.de
Mon Oct 5 21:10:47 UTC 2015 

Am 05.10.2015 um 22:35 schrieb Neil Bartlett:
[...]

> There is no contradiction… where did I claim that it only supports 2.5?

You wrote:

> We cannot simply update to 3.1 since that could break any consumers using 2.5 — also the package would not comply with the published specification.

I read the last part of this sentence as that the "package" was
src:osgi-compendium from Debian but it seems I have misunderstood you. I
would like to know more about your specific use case and in which
context you use Debian's osgi-compendium package in order to better
understand your concerns.


> The specification supports users who depend on servlet 2.5 or above. That means the specification JAR compiles against the lowest version that it supports, i.e. 2.5.

This is correct. Like I said servlet 2.5 is the minimum requirement for
OSGi 5. However Debian's osgi-compendium package would also comply with
the specification if it was compiled against a later version, e.g 3.1.

[...]
> The source code for OSGi Compendium contains the type org.osgi.service.http.HttpService, which depends on types from the javax.servlet package. If the osgi-compendium package in Debian builds from Java sources then it certainly needs javax.servlet to be present on the compiler’s classpath, and therefore the dependency cannot be removed. On the other hand if it repackages pre-built JARs from elsewhere then I would agree that javax.servlet does not need to be present as a dependency.

I have checked the source package again and this was a mistake on my
side. The servlet dependency is needed. If I remove the build-dependency
on libservlet2.5-java it compiles successfully but only because another
implicit build-dependency depends on libservlet2.5-java too.


>> Can you provide an example what package in Debian would be negatively
>> affected if we started to build-depend/depend on libservlet3.1-java?
> 
> No I am not able to answer this.

I need more information how this upgrade to libservlet3.1-java affects
your setup and under which circumstances it would break your
"consumers", otherwise I can't help you. Also libservlet2.5-java won't
probably go away in Stretch, so you can still install this package if
you like.

Markus

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 949 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-java-maintainers/attachments/20151005/344dcaf4/attachment.sig>

More information about the pkg-java-maintainers mailing list