| 2 Nov 2024 |
emily | (not in contradiction with our review process being very bikesheddy: people will bikeshed all day about your Nix expression but rarely will they ask if it's worth packaging something at all) | 02:06:13 |
Tomodachi94 (they/them) | I'm going to make the drop PR and see if the maintainer cares at all | 02:06:30 |
Tomodachi94 (they/them) | If the maintainer doesn't respond in a few days, <Merge pull request> :) | 02:06:54 |
emily | sure, maybe just roll it into the oraclejdk drop? | 02:07:03 |
emily | and if you could update the manual section to not reference it in that one too that'd be great | 02:07:16 |
Tomodachi94 (they/them) | In reply to @emilazy:matrix.org ("sure, maybe just roll it into the oraclejdk drop?"): Maybe. I'm going to hunt for CVEs for it as well, so there's slightly stronger justification | 02:07:43 |
emily | probably not many people filing CVEs for a proprietary Java Card devkit I imagine | 02:08:04 |
Tomodachi94 (they/them) | * Maybe. I'm going to hunt for CVEs for javacard-devkit as well, so there's slightly stronger justification | 02:08:05 |
emily | IMO the justification is: it depends on a package being removed for being an unmaintained security disaster, is many years out of date compared to what we could be packaging (there are modern Linux versions: https://www.oracle.com/java/technologies/javacard-downloads.html#sdk-sim), and it has been untouched since 2018 so there is no reason to expect that the former two will be resolved (and it's not your job to do so) | 02:09:54 |