Quoting Dan Mashal (2013-03-12 18:11:06) > On Tue, Mar 12, 2013 at 10:06 AM, yersinia <yersinia.spiros@xxxxxxxxx> wrote: > > On Tue, Mar 12, 2013 at 6:05 PM, devzero2000 <pinto.elia@xxxxxxxxx> wrote: > >> > >> On Tue, Mar 12, 2013 at 4:28 PM, Stanislav Ochotnicky > >> <sochotnicky@xxxxxxxxxx> wrote: > >>> > >>> Quoting Kevin Fenzi (2013-03-12 15:53:56) > >>> > On Tue, 12 Mar 2013 13:49:22 +0100 > >>> > Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> wrote: > >>> > > >>> > > Tomcat6 package in Fedora is old, has several problematic bugs > >>> > > (including 4 security) and most importantly there's a replacement: > >>> > > tomcat-7.x > >>> > > > >>> > > I believe it is in our (developers as well as users) best interest to > >>> > > get rid of it. I have sent similar email to java-devel on February > >>> > > 26th[1], created another tomcat6 bugreport a week ago[2] but I wasn't > >>> > > successful in reaching David Knox (primary maintainer). > >>> > > > >>> > > Note that we already had a bugreport to migrate packages to > >>> > > tomcat-7[3] and we almost succeeded, but then new packages started > >>> > > creeping in with dependency on tomcat6. We need to get rid of it ASAP > >>> > > or we'll be fighting neverending battle. Even as > >>> > > comaintainer/provenpackager I cannot deprecate package that I do not > >>> > > own. > >>> > > > >>> > > I consider this point 4 of unresponsive maintainer process[4]. > >>> > > However due to security issues, and package being effectively dead I > >>> > > wouldn't mind speeding up the process. I might try to bring this up > >>> > > with FESCO, but process doesn't seem to include any wiggle room > >>> > > there. > >>> > > >>> > Feel free to file a fesco ticket and explain whats going on. > >>> Thanks, filed https://fedorahosted.org/fesco/ticket/1094 > >>> > >>> I believe the emails/bugzilla provides enough context but I'll also try > >>> to attend > >>> the FESCO meeting to answer any questions. > >> > >> > >> I have received this today > >> http://www.exploitthis.com/2013/03/rhsa-20130623-1-important-tomcat6-security-update.html. > >> > >> Dunno if useful. > >> > >> Best > >> > > > > > > -- > > devel mailing list > > devel@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/devel > > I actually tried to install tomcat6 last night on RHEL6.4 and was > having issues. Funny. > > Don't know if Fedora has the same release (haven't checked), but this > is pretty important as I use tomcat at work. > > Could a proven packager take a look at it as well, (ASAP if it's a > security issue?). There's more of them (bugs), but please for the love of all that is holy...don't use tomcat6. Every single supported Fedora release has tomcat-7.x where Ivan Afonichev is doing pretty great work with updates/bugfixing (kudos). Use it. Forget tomcat6. Situation is different on RHEL of course, there the tomcat6 is still being actively maintained (and will be for whole life of the given release). -- Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> Software Engineer - Developer Experience PGP: 7B087241 Red Hat Inc. http://cz.redhat.com -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
