New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dev-java/jython: Remove vulnerable versions. Fixes security bug 552452. #813
Conversation
Package-Manager: portage-2.2.26 Signed-off-by: Patrice Clement <monsieurp@gentoo.org>
Package-Manager: portage-2.2.26 Signed-off-by: Patrice Clement <monsieurp@gentoo.org>
Package-Manager: portage-2.2.26 Signed-off-by: Patrice Clement <monsieurp@gentoo.org>
😞 The QA check for this pull request has found the following issues: New issues: |
Package-Manager: portage-2.2.26 RepoMan-Options: --force Signed-off-by: Patrice Clement <monsieurp@gentoo.org>
😞 The QA check for this pull request has found the following issues: New issues: |
Package-Manager: portage-2.2.26 RepoMan-Options: --force Signed-off-by: Patrice Clement <monsieurp@gentoo.org>
c6ef91e
to
6f65d65
Compare
Looks good. I'm going to merge it. |
Gentoo-Bug: 552452 Pull-Request: #813
does jython-2.7 depend on icedtea-bin:7? |
I don't think so. @chewi can you confirm? |
Huh? It needs at least JDK 7 and that could be satisfied by icedtea-bin:7 as well as any of the other JDKs we currently support. Where did that question even come from? |
I had no jdk:7, but I had jdk8:7. Once I installed ant or freemind, it pulled jython:2.7 that pulled jdk:7 and guess what was installed. icedtea-bin:7, just like mentioned in jdk RDEPEND first item. Anyone mind if I swap it with icedtea:7? #1221 |
What is jdk8:7? Assuming you meant virtual/jdk:1.8, I'm not sure why it pulled in 7 as very few things require that explicitly but preferring -bin is intentional as I explained in your pull request. |
Just to have the CI checks run and make sure I'm not breaking the tree. ;)