Le 26/05/2023 à 10:58, Moritz Muehlenhoff a écrit :
Can't we just do the pragmatic fix of updating src:tomcat9 to only ship libtomcat9-java and libtomcat9-embed-java? The maintenance burden for security updates lies within the server stack, the percentage of issues affecting the libtomcat9-java binary packages as used by rdeps will be small to none?
dogtag-pki has a popcon of 4, do we really want to keep that package and tomcat9 for so few users? It could come back later in Bookworm as a backport once it supports Tomcat 10.
If tomcat9 is kept in Bookworm most users won't realize it's no longer supported. I think we should add a prominent warning in the NEWS file that it's not supported. I'd even suggest disabling the tomcat9 service when upgrading to force the users to act (either migrate to tomcat10, or re-enabling it willingly).
Emmanuel Bourg
