1. Forum
  2. Usenet
  3. LINUX.DEBIAN.MAINT.JAVA

  • Removing freeplane 1.7.x from Debian?

    From Felix Natter@21:1/5 to All on Sun Mar 31 17:00:02 2024
    Dear java team,

    the current freeplane package only works with an old JRE [1].
    [1] https://bugs.launchpad.net/ubuntu/+source/freeplane/+bug/2034752

    I think that not many users figure out how to set JAVA_CMD or FREEPLANE_JAVA_HOME, and even if they did, it would be a security risk
    due to an old JRE. I cannot package freeplane 1.11.x because it requires
    gradle >= 7.x.

    Since it is easy to install the upstream .deb...
    - https://sourceforge.net/projects/freeplane/
    - select "Files"
    - select "freeplane stable"
    - select freeplane_1.11.11~upstream-1_all.deb
    - install with "sudo apt install
    /path/to/freeplane_1.11.11~upstream-1_all.deb"

    ... I wonder whether it is better to remove freeplane now?
    What do you think?

    Best Regards,
    Felix
    --
    Felix Natter

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From tony mancill@21:1/5 to Felix Natter on Sun Mar 31 20:40:01 2024
    On Sun, Mar 31, 2024 at 04:53:17PM +0200, Felix Natter wrote:
    Dear java team,

    the current freeplane package only works with an old JRE [1].
    [1] https://bugs.launchpad.net/ubuntu/+source/freeplane/+bug/2034752

    I think that not many users figure out how to set JAVA_CMD or FREEPLANE_JAVA_HOME, and even if they did, it would be a security risk
    due to an old JRE. I cannot package freeplane 1.11.x because it requires gradle >= 7.x.

    Since it is easy to install the upstream .deb...
    - https://sourceforge.net/projects/freeplane/
    - select "Files"
    - select "freeplane stable"
    - select freeplane_1.11.11~upstream-1_all.deb
    - install with "sudo apt install
    /path/to/freeplane_1.11.11~upstream-1_all.deb"

    ... I wonder whether it is better to remove freeplane now?
    What do you think?

    Hi Felix,

    In my opinion we should be remove the outdated freeplane package from
    Debian.

    Cheers,
    tony

    -----BEGIN PGP SIGNATURE-----

    iQIzBAABCgAdFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAmYJrC8ACgkQIdIFiZdL PpbF1A//ZBkcIQ4F2lf5MvqaS9XpICaS6W3eUB3QbZ3NxbpJVJLThln6ikpxiNvi Xj0kk187XKkV1YLK7BJwD4+xFZPIVAryV0tddxEA2WuKo+gxA+pexBvQLDhpq9GG 448UxeT2sQX9Ut1s5VERJBZt0UAU3bC5CGUufXglG7JVUbiSyNoOKgx0SCAl68/L VWL7tyfKz46LQBT8uO8CRG8cTTLnPaflNQOmhA1WXCHgzpF2PXishtWh8UzidQOY tEH9BhsDNeKtdGVBt3XDkr0sx78IbWmmzp8bRPSudHjaDMS47acrpbj65Fn7QAyg xYNIauhK2Q/5q/rcboUnQRL2r7j/fSLhnaYRTqXBzP3EEvruUr3s1Ze84RzTMVlr Kwu+0o63zbC9KmQEv3vBjRwbDkjaImPruQGJhquyehb2GLDINpNemSfHiXYtUjqW 4am/KGgKzjcuZ8Lrqk6N0LYejhPllVd8AlgrBYvRMUxmswHmWYrjg3b/SzRWXcr2 bbavZ9oocMx2OX8aUfCz2IZYKmzRrHMwroiyhAyAymePdDtx7GQENiLFL6Jl4p3+ +HfmufKer6htr95DkHNIdbaSRt8NTM+SxuxjPeTxjiVw/YL+VWkeKRCX67U+G+D8 IWVTztQ9562sZBT4tZlrZJzeu7ZvG/FTJ/pt4Lfu64olO5nBaUE=
    =aeSy
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Felix Natter@21:1/5 to tony mancill on Mon Apr 1 09:00:01 2024
    tony mancill <[email protected]> writes:

    On Sun, Mar 31, 2024 at 04:53:17PM +0200, Felix Natter wrote:
    Dear java team,

    the current freeplane package only works with an old JRE [1].
    [1] https://bugs.launchpad.net/ubuntu/+source/freeplane/+bug/2034752

    I think that not many users figure out how to set JAVA_CMD or
    FREEPLANE_JAVA_HOME, and even if they did, it would be a security risk
    due to an old JRE. I cannot package freeplane 1.11.x because it requires
    gradle >= 7.x.

    Since it is easy to install the upstream .deb...
    - https://sourceforge.net/projects/freeplane/
    - select "Files"
    - select "freeplane stable"
    - select freeplane_1.11.11~upstream-1_all.deb
    - install with "sudo apt install
    /path/to/freeplane_1.11.11~upstream-1_all.deb"

    ... I wonder whether it is better to remove freeplane now?
    What do you think?

    Hi Felix,

    hello Tony,

    In my opinion we should be remove the outdated freeplane package from
    Debian.

    the only thing that speaks against this is the user comment in #1030150
    [1]. Is it true that "as Debian (and many derivates) still ship with old
    JDK"? [2]

    [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030150#25
    [2] https://packages.debian.org/search?keywords=jre&searchon=names&suite=stable&section=all

    Cheers and Best Regards,
    Felix

    --
    Felix Natter
    debian/rules!

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Emmanuel Bourg@21:1/5 to All on Sat Apr 6 11:20:01 2024
    Le 31/03/2024 à 20:32, tony mancill a écrit :

    What do you think?

    In my opinion we should be remove the outdated freeplane package from
    Debian.

    +1, even if fixing the security manager issue is easy, I'm tempted to
    think there is little benefit packaging freeplane ourself since upstream already provides a package.

    Emmanuel Bourg

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Thorsten Glaser@21:1/5 to Emmanuel Bourg on Sat Apr 6 17:30:02 2024
    On Sat, 6 Apr 2024, Emmanuel Bourg wrote:

    since upstream already provides a package.

    That is not a justification appropriate for a Debian mailing list.

    bye,
    //mirabilos
    --
    15:41⎜<Lo-lan-do:#fusionforge> Somebody write a testsuite for helloworld :-)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Felix Natter@21:1/5 to Sebastiaan Couwenberg on Sun Apr 7 15:40:02 2024
    hello Sebastiaan, Tony, Thorsten, Emmanuel,

    Sebastiaan Couwenberg <[email protected]> writes:
    On 4/1/24 8:49 AM, Felix Natter wrote:
    tony mancill <[email protected]> writes:
    In my opinion we should be remove the outdated freeplane package from
    Debian.
    the only thing that speaks against this is the user comment in #1030150
    [1]. Is it true that "as Debian (and many derivates) still ship with old
    JDK"? [2]

    It might be feasible to patch freeplane to use Maven for the Debian package build. This was suggested in the Gradle packaging status thread some time
    ago [0].

    Osmosis 0.49 also required a more recent Gradle to build, and adding a
    patch to use Maven for the Debian package build was reasonably simple.

    [0] https://lists.debian.org/debian-java/2022/08/msg00010.html

    thank you for the suggestion. In addition to a complex gradle build
    system [1] using the latest features, there are also a number of new dependencies. The biggest one (I think) is twemoji [2].

    [1]
    https://github.com/freeplane/freeplane/blob/1.11.x/freeplane/build.gradle etc.

    [2] #878875 (Freeplane >= 1.9 can add any unicode emoji as an icon)

    I *might* succeed packaging Freeplane with maven, but then it might not
    be compatible at all due to some missing gradle build system quirks,
    which I think is worse than using the upstream .deb.

    @Thorsten: Yes, having a 100% free build in Debian is
    nice, but I do not see this happening :( I agree with @Emmanuel that the upstream .deb is the best solution we can get (and given the nature of
    java, this is extremely easy to install for users and upstream to provide) :)

    However, in #1030150 Alex says:

    as Debian (and many derivates) still ship with old JDK, there is in my eyes no reason to remove
    Freeplane because of that. Also it would be a shame if it maybe would vanish from it, in that way.

    Is this really true for Debian [3]?

    [3] https://packages.debian.org/search?keywords=jre&searchon=names&suite=stable&section=all

    I think that if we do not remove freeplane from Debian, people are
    "forced" to keep old unsupported JDK/JRE versions, which is a security
    risk IMHO. Do you agree, or is an outdated Debian package even more
    secure than an up-to-date upstream package as "Rpnpif" says in #1030150:

    I would agree with alex. Encouraging users to take packages out of
    Debian's repositories is a security risk for their OS. The current case
    with xz demonstrates this. My opinion does not mean that upstream should
    not offer an alternative and packages.

    Cheers and Best Regards,
    Felix
    --
    Felix Natter

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Emmanuel Bourg@21:1/5 to All on Sun Apr 7 19:20:01 2024
    Le 06/04/2024 à 17:10, Thorsten Glaser a écrit :
    On Sat, 6 Apr 2024, Emmanuel Bourg wrote:

    since upstream already provides a package.

    That is not a justification appropriate for a Debian mailing list.

    Got caught by the mailing list police, doh! ;) Not need to invent
    mailing list rules to state your disagreement. IMHO upstreams providing packages contribute to the success of the Debian ecosystem, which is a
    good thing overall.

    Emmanuel Bourg

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)