Dear java team,

the current freeplane package only works with an old JRE [1].
[1] https://bugs.launchpad.net/ubuntu/+source/freeplane/+bug/2034752

I think that not many users figure out how to set JAVA_CMD or FREEPLANE_JAVA_HOME, and even if they did, it would be a security risk
due to an old JRE. I cannot package freeplane 1.11.x because it requires
gradle >= 7.x.

Since it is easy to install the upstream .deb...
- https://sourceforge.net/projects/freeplane/
- select "Files"
- select "freeplane stable"
- select freeplane_1.11.11~upstream-1_all.deb
- install with "sudo apt install
/path/to/freeplane_1.11.11~upstream-1_all.deb"

... I wonder whether it is better to remove freeplane now?
What do you think?

Best Regards,
Felix
--
Felix Natter

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sun, Mar 31, 2024 at 04:53:17PM +0200, Felix Natter wrote:

Dear java team,

the current freeplane package only works with an old JRE [1].
[1] https://bugs.launchpad.net/ubuntu/+source/freeplane/+bug/2034752

I think that not many users figure out how to set JAVA_CMD or FREEPLANE_JAVA_HOME, and even if they did, it would be a security risk
due to an old JRE. I cannot package freeplane 1.11.x because it requires gradle >= 7.x.

Since it is easy to install the upstream .deb...
- https://sourceforge.net/projects/freeplane/
- select "Files"
- select "freeplane stable"
- select freeplane_1.11.11~upstream-1_all.deb
- install with "sudo apt install
/path/to/freeplane_1.11.11~upstream-1_all.deb"

... I wonder whether it is better to remove freeplane now?
What do you think?

Hi Felix,

In my opinion we should be remove the outdated freeplane package from
Debian.

Cheers,
tony

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmYJrC8ACgkQIdIFiZdL PpbF1A//ZBkcIQ4F2lf5MvqaS9XpICaS6W3eUB3QbZ3NxbpJVJLThln6ikpxiNvi Xj0kk187XKkV1YLK7BJwD4+xFZPIVAryV0tddxEA2WuKo+gxA+pexBvQLDhpq9GG 448UxeT2sQX9Ut1s5VERJBZt0UAU3bC5CGUufXglG7JVUbiSyNoOKgx0SCAl68/L VWL7tyfKz46LQBT8uO8CRG8cTTLnPaflNQOmhA1WXCHgzpF2PXishtWh8UzidQOY tEH9BhsDNeKtdGVBt3XDkr0sx78IbWmmzp8bRPSudHjaDMS47acrpbj65Fn7QAyg xYNIauhK2Q/5q/rcboUnQRL2r7j/fSLhnaYRTqXBzP3EEvruUr3s1Ze84RzTMVlr Kwu+0o63zbC9KmQEv3vBjRwbDkjaImPruQGJhquyehb2GLDINpNemSfHiXYtUjqW 4am/KGgKzjcuZ8Lrqk6N0LYejhPllVd8AlgrBYvRMUxmswHmWYrjg3b/SzRWXcr2 bbavZ9oocMx2OX8aUfCz2IZYKmzRrHMwroiyhAyAymePdDtx7GQENiLFL6Jl4p3+ +HfmufKer6htr95DkHNIdbaSRt8NTM+SxuxjPeTxjiVw/YL+VWkeKRCX67U+G+D8 IWVTztQ9562sZBT4tZlrZJzeu7ZvG/FTJ/pt4Lfu64olO5nBaUE=
=aeSy
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

tony mancill <tmancill@debian.org> writes:

On Sun, Mar 31, 2024 at 04:53:17PM +0200, Felix Natter wrote:

Dear java team,

the current freeplane package only works with an old JRE [1].
[1] https://bugs.launchpad.net/ubuntu/+source/freeplane/+bug/2034752

I think that not many users figure out how to set JAVA_CMD or
FREEPLANE_JAVA_HOME, and even if they did, it would be a security risk
due to an old JRE. I cannot package freeplane 1.11.x because it requires
gradle >= 7.x.

Since it is easy to install the upstream .deb...
- https://sourceforge.net/projects/freeplane/
- select "Files"
- select "freeplane stable"
- select freeplane_1.11.11~upstream-1_all.deb
- install with "sudo apt install
/path/to/freeplane_1.11.11~upstream-1_all.deb"

... I wonder whether it is better to remove freeplane now?
What do you think?

Hi Felix,

hello Tony,

In my opinion we should be remove the outdated freeplane package from
Debian.

the only thing that speaks against this is the user comment in #1030150
[1]. Is it true that "as Debian (and many derivates) still ship with old
JDK"? [2]

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030150#25
[2] https://packages.debian.org/search?keywords=jre&searchon=names&suite=stable&section=all

Cheers and Best Regards,
Felix

--
Felix Natter
debian/rules!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 31/03/2024 à 20:32, tony mancill a écrit :

What do you think?

In my opinion we should be remove the outdated freeplane package from
Debian.

+1, even if fixing the security manager issue is easy, I'm tempted to
think there is little benefit packaging freeplane ourself since upstream already provides a package.

Emmanuel Bourg

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 6 Apr 2024, Emmanuel Bourg wrote:

since upstream already provides a package.

That is not a justification appropriate for a Debian mailing list.

bye,
//mirabilos
--
15:41⎜<Lo-lan-do:#fusionforge> Somebody write a testsuite for helloworld :-)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

hello Sebastiaan, Tony, Thorsten, Emmanuel,

Sebastiaan Couwenberg <sebastic@xs4all.nl> writes:

On 4/1/24 8:49 AM, Felix Natter wrote:

tony mancill <tmancill@debian.org> writes:

In my opinion we should be remove the outdated freeplane package from
Debian.

the only thing that speaks against this is the user comment in #1030150
[1]. Is it true that "as Debian (and many derivates) still ship with old
JDK"? [2]

It might be feasible to patch freeplane to use Maven for the Debian package build. This was suggested in the Gradle packaging status thread some time
ago [0].

Osmosis 0.49 also required a more recent Gradle to build, and adding a
patch to use Maven for the Debian package build was reasonably simple.

[0] https://lists.debian.org/debian-java/2022/08/msg00010.html

thank you for the suggestion. In addition to a complex gradle build
system [1] using the latest features, there are also a number of new dependencies. The biggest one (I think) is twemoji [2].

[1]
https://github.com/freeplane/freeplane/blob/1.11.x/freeplane/build.gradle etc.

[2] #878875 (Freeplane >= 1.9 can add any unicode emoji as an icon)

I *might* succeed packaging Freeplane with maven, but then it might not
be compatible at all due to some missing gradle build system quirks,
which I think is worse than using the upstream .deb.

@Thorsten: Yes, having a 100% free build in Debian is
nice, but I do not see this happening :( I agree with @Emmanuel that the upstream .deb is the best solution we can get (and given the nature of
java, this is extremely easy to install for users and upstream to provide) :)

However, in #1030150 Alex says:

as Debian (and many derivates) still ship with old JDK, there is in my eyes no reason to remove
Freeplane because of that. Also it would be a shame if it maybe would vanish from it, in that way.

Is this really true for Debian [3]?

[3] https://packages.debian.org/search?keywords=jre&searchon=names&suite=stable&section=all

I think that if we do not remove freeplane from Debian, people are
"forced" to keep old unsupported JDK/JRE versions, which is a security
risk IMHO. Do you agree, or is an outdated Debian package even more
secure than an up-to-date upstream package as "Rpnpif" says in #1030150:

I would agree with alex. Encouraging users to take packages out of
Debian's repositories is a security risk for their OS. The current case
with xz demonstrates this. My opinion does not mean that upstream should
not offer an alternative and packages.

Cheers and Best Regards,
Felix
--
Felix Natter

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Le 06/04/2024 à 17:10, Thorsten Glaser a écrit :

On Sat, 6 Apr 2024, Emmanuel Bourg wrote:

since upstream already provides a package.

That is not a justification appropriate for a Debian mailing list.

Got caught by the mailing list police, doh! ;) Not need to invent
mailing list rules to state your disagreement. IMHO upstreams providing packages contribute to the success of the Debian ecosystem, which is a
good thing overall.

Emmanuel Bourg

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)