Markus, Emmanuel, are you going to update the backport to the
latest version (9.0.43-3 or 9.0.43-3~deb11u1 once migrated)
fixing the compile time problem (some constants for Java™ 15
and newer are not defined yet) because the alternative is to
request removal of the backport now and informing the users.
Currently I don't plan to update the bpo version of Tomcat 9 in Buster. If you
prefer the latest updates then I'd suggest to focus on bullseye-backports from
now on. I am not sure yet if the regression which I have fixed in
9.0.43-3 requires another security update for bullseye or buster at
the moment, since an easy workaround is available and probably not
many users are affected. I will monitor the situation though.
On Tue, 10 Aug 2021, Markus Koschany wrote:
Currently I don't plan to update the bpo version of Tomcat 9 in Buster. If you
prefer the latest updates then I'd suggest to focus on bullseye-backports from
I think you misunderstood the intention of this request.
Packages in $version-backports have to be up-to-date wrt.
their corresponding packages from $(version+1), except
small, not very user-visible, etc. changes.
In the case of security updates, this is even more important.
The person who uploaded the first backport basically agreed
to keep the tomcat9 backport up-to-date over the lifetime of buster-backports, that is, to approximately 14/15ᵗʰ August 2022(!).
now on. I am not sure yet if the regression which I have fixed in
9.0.43-3 requires another security update for bullseye or buster at
the moment, since an easy workaround is available and probably not
many users are affected. I will monitor the situation though.
Right.
However, if you’re not intending to update the buster backport,
please file a removal request and inform the users (via the bpo
mailing list) about this and the extant security issues in the
version they have installed.
Obviously you should wait for Emmanuel's feedback before doing
anything.
Hi backports team,Done
please remove tomcat9 from buster-backports because Emmanuel won't have the time to update the package for the next months and I don't intend to maintain it. My recommendation for all users of tomcat9 is to use the version in buster
because it receives full security support. You also have the option to upgrade
to bullseye.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (2 / 14) |
Uptime: | 33:10:30 |
Calls: | 6,648 |
Calls today: | 3 |
Files: | 12,193 |
Messages: | 5,328,709 |