On Thu, Jul 07, 2005 at 11:20:19PM +0200, Andreas Krüger wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Michael Koch wrote: > > > You are really suggesting to deactivate the security manager by default? > > What I really suggest is: When I install Sarge Tomcat on a Sarge box, > together with all packages it depends on, it should operate. > > Personally, I much rather deactivate the security manager, than throw > Tomcat 4 out of Sarge main back into contrib. I am willing to go with > Tomcat 4 rather than Tomcat 5, and make do without this, that, and the > other feature, if that buys me free software. The web application that I > intend to deploy has not yet been written, so I can make it happen. > > > The bug is in kaffe not tomcat4. Tomcat4 works fine with other runtimes with > > security manager enabled. The bug in kaffe is fixed in CVS and probably in > > unstable too. > > Good to know. Thank you for the information. > > This particular bug is concerned with Sarge, though. This will be a > "production server" (of sorts). The security team's backing is important > for me, for whatever I end up running. > > > I can't check currently. This needs to be checked and this bug > > needs then get moved to kaffe and tagged "sarge". > > Disabling the security manager is not something to be taken lightly, yes. > Pulling a brand-new release of kaffe into Sarge is not to be taken lightly, > either. Which of these two, or maybe what else, is the best way for Debian > to get Tomcat Sargly running?
For Sarge its too late to change this. Your best option is to use a backport of kaffe from testing/unstable. I will soon start to create them when kaffe get uploaded in a new version. > I tend to lean towards "pulling kaffe", if that is an option. Is it? I am > not sure what the right answer is. In particular, I am an old hat at > Tomcat, but fairly new as a Kaffe user. So I cannot judge the relative > stability of the Kaffe version presently in Sarge, vs. the Kaffe version > that has the bug fix. Me, I just file them bugs ;-) ... Thanks for doing this. Greetings, Michael -- Escape the Java Trap with GNU Classpath! http://www.gnu.org/philosophy/java-trap.html Join the community at http://planet.classpath.org/