On Tue, Mar 12, 2013 at 10:06 AM, yersinia <yersinia.spiros@xxxxxxxxx> wrote: > On Tue, Mar 12, 2013 at 6:05 PM, devzero2000 <pinto.elia@xxxxxxxxx> wrote: >> >> On Tue, Mar 12, 2013 at 4:28 PM, Stanislav Ochotnicky >> <sochotnicky@xxxxxxxxxx> wrote: >>> >>> Quoting Kevin Fenzi (2013-03-12 15:53:56) >>> > On Tue, 12 Mar 2013 13:49:22 +0100 >>> > Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> wrote: >>> > >>> > > Tomcat6 package in Fedora is old, has several problematic bugs >>> > > (including 4 security) and most importantly there's a replacement: >>> > > tomcat-7.x >>> > > >>> > > I believe it is in our (developers as well as users) best interest to >>> > > get rid of it. I have sent similar email to java-devel on February >>> > > 26th[1], created another tomcat6 bugreport a week ago[2] but I wasn't >>> > > successful in reaching David Knox (primary maintainer). >>> > > >>> > > Note that we already had a bugreport to migrate packages to >>> > > tomcat-7[3] and we almost succeeded, but then new packages started >>> > > creeping in with dependency on tomcat6. We need to get rid of it ASAP >>> > > or we'll be fighting neverending battle. Even as >>> > > comaintainer/provenpackager I cannot deprecate package that I do not >>> > > own. >>> > > >>> > > I consider this point 4 of unresponsive maintainer process[4]. >>> > > However due to security issues, and package being effectively dead I >>> > > wouldn't mind speeding up the process. I might try to bring this up >>> > > with FESCO, but process doesn't seem to include any wiggle room >>> > > there. >>> > >>> > Feel free to file a fesco ticket and explain whats going on. >>> Thanks, filed https://fedorahosted.org/fesco/ticket/1094 >>> >>> I believe the emails/bugzilla provides enough context but I'll also try >>> to attend >>> the FESCO meeting to answer any questions. >> >> >> I have received this today >> http://www.exploitthis.com/2013/03/rhsa-20130623-1-important-tomcat6-security-update.html. >> >> Dunno if useful. >> >> Best >> > > > -- > devel mailing list > devel@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/devel I actually tried to install tomcat6 last night on RHEL6.4 and was having issues. Funny. Don't know if Fedora has the same release (haven't checked), but this is pretty important as I use tomcat at work. Could a proven packager take a look at it as well, (ASAP if it's a security issue?). Dan -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
