Control: clone -1 -2 -3 Control: reassign -2 release-notes Control: reassign -3 debian-security-support Control: tag -1 bookworm-ignore
Hi, On 26-05-2023 00:10, Markus Koschany wrote:
#1036250 is mainly a logback problem, not a tomcat problem. I still would like to hear Emmanuel's opinion. We still could revert to libtomcat9-java, if we don't find a solution though.
I want the logback changes reverted and go back to tomcat9. We'll ship two versions. We failed to remove tomcat9 properly and it's well past the line where we can try more variant. Just like the apt/adduser situation where we stopped experimenting, let's go back to the situation we know and understand.
The tomcatjss / dogtag-pki situation is simple too.
Small note, I don't like you framing the situation simple. The time pressure is huge. The tomcat9 situation has drained a lot of energy already, so no, it's not simple.
If there is no way to make the application work with Tomcat 10, then there are three options:
2. Continue to use the current Tomcat 9 package as is but make sure that nobody else than dogtag-pki uses it. (Package descriptions should be adjusted, and the binary tomcat9 package should be probably removed too) Nobody should think that we support two major Tomcat versions.
I think we have no *reasonable* other option than to do that somewhat. So let's make this clear in the release notes and in debian-security-support. I propose something along these lines for the release notes:
Although tomcat9 and tomcat9-user are shipped with bookworm next to tomcat10 binaries, they are exclusively supported for use with dogtag-pki. Users of dogtag-pki have to ensure they run the application in a sufficiently trusted network.
Paul (and Salvatore)
OpenPGP_signature
Description: OpenPGP digital signature
__ This is the maintainer address of Debian's Java team <https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
