tomcat6 unresponsive maintainer & deprecation

Dan Mashal dan.mashal at gmail.com
Tue Mar 12 17:11:06 UTC 2013


On Tue, Mar 12, 2013 at 10:06 AM, yersinia <yersinia.spiros at gmail.com> wrote:
> On Tue, Mar 12, 2013 at 6:05 PM, devzero2000 <pinto.elia at gmail.com> wrote:
>>
>> On Tue, Mar 12, 2013 at 4:28 PM, Stanislav Ochotnicky
>> <sochotnicky at redhat.com> wrote:
>>>
>>> Quoting Kevin Fenzi (2013-03-12 15:53:56)
>>> > On Tue, 12 Mar 2013 13:49:22 +0100
>>> > Stanislav Ochotnicky <sochotnicky at redhat.com> wrote:
>>> >
>>> > > Tomcat6 package in Fedora is old, has several problematic bugs
>>> > > (including 4 security) and most importantly there's a replacement:
>>> > > tomcat-7.x
>>> > >
>>> > > I believe it is in our (developers as well as users) best interest to
>>> > > get rid of it. I have sent similar email to java-devel on February
>>> > > 26th[1], created another tomcat6 bugreport a week ago[2] but I wasn't
>>> > > successful in reaching David Knox (primary maintainer).
>>> > >
>>> > > Note that we already had a bugreport to migrate packages to
>>> > > tomcat-7[3] and we almost succeeded, but then new packages started
>>> > > creeping in with dependency on tomcat6. We need to get rid of it ASAP
>>> > > or we'll be fighting neverending battle. Even as
>>> > > comaintainer/provenpackager I cannot deprecate package that I do not
>>> > > own.
>>> > >
>>> > > I consider this point 4 of unresponsive maintainer process[4].
>>> > > However due to security issues, and package being effectively dead I
>>> > > wouldn't mind speeding up the process. I might try to bring this up
>>> > > with FESCO, but process doesn't seem to include any wiggle room
>>> > > there.
>>> >
>>> > Feel free to file a fesco ticket and explain whats going on.
>>> Thanks, filed https://fedorahosted.org/fesco/ticket/1094
>>>
>>> I believe the emails/bugzilla provides enough context but I'll also try
>>> to attend
>>> the FESCO meeting to answer any questions.
>>
>>
>> I have received this today
>> http://www.exploitthis.com/2013/03/rhsa-20130623-1-important-tomcat6-security-update.html.
>>
>> Dunno if useful.
>>
>> Best
>>
>
>
> --
> devel mailing list
> devel at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel

I actually tried to install tomcat6 last night on RHEL6.4 and was
having issues. Funny.

Don't know if Fedora has the same release (haven't checked), but this
is pretty important as I use tomcat at work.

Could a proven packager take a look at it as well, (ASAP if it's a
security issue?).

Dan


More information about the devel mailing list