[MIR] tomcat7 (replaces tomcat6)

We've supported tomcat6 for a long time and there is no reason we shouldn't support tomcat7. ACK once tomcat6 is demoted.

Curious, does tomcat6 have the testsuite run during the build? If so, what would it take to get the tomcat7 testsuite running?

The test suite does not run in tomcat6 - I'm working on making the test suite work ATM for tomcat7 - looks like it might need one extra dependency for main (jakarta-taglibs-standard) so not to much of a problem.

Nice. Thanks! :)

Test suite enabled in most recent upload for Ubuntu; I'll get all changes fed back into Debian as well.

Additional MIR information for jakarta-taglibs-standard

[Availability]
Universe since 11.10

[Rationale]
Additional dependency for tomcat7 to support enablement of test suite during package build; also fixes issues in examples web application with missing dependencies.

[Security]
No outstanding CVE's

[Quality assurance]
Test suite not enabled due to missing testing dependencies (cactus).

[Dependencies]
No additional dependences other that those already provide in main or by the tomcat7 package.

[Background]
This package provides the Java Standard Tag Library implementation preferred by the Apache Tomcat project. This is an extension on top of the Servlet, JSP and EL API's already provided by Tomcat.

Jamie

When do you think you will be able to complete this review? I've completed the seed change required to pull this onto the server ISO and would like to start on the transition servlet2.5 -> servlet3.0 transition to remove tomcat6 from main.

Status changed to 'Confirmed' because the bug affects multiple users.

This change seems to have become a problem in our server iso testing:
https://jenkins.qa.ubuntu.com/view/Quantal/view/ISO%20Testing%20Dashboard/job/quantal-server-amd64_tomcat-server/

so it should be fixed quick or the old tomcat be returned to the iso in the meantime.

jakarta-taglibs-standard:
- The package builds fine, but needs libservlet3.0-java from universe (but that comes from tomcat7 itself, so there is a circular build dependency)
- no CVE history
- no initscripts, dbus, setuid, sudoers, fscaps or cron jobs
- there appears to be some test data in standard/test but it doesn't appear to be used in the build
- Ubuntu does carry a delta, but it is primarily for packaging cleanups and a patch to work with Java 7
- the Ubuntu server team is subscribed to the bug
- there is a watch file
- Upstream seems inactive. The upstream source has not changed in 8 years. It looks like the project name changed (http://tomcat.apache.org/taglibs/) and that since the name change there have been a few more commits with the last one 3 years ago. They have not released a new version under the new name
- the current release is packaged
- is lintian clean
- debian/rules is reasonable
- there are a couple of javac warnings during the build, but they look harmless as they fallback to something sane

While upstream seems inactive, that is not always a problem (the software could be mature and working properly for people) and it has a good security history. There is also the issue of the circular build dependency between tomcat7 and jakarta-taglibs-standard, but I don't think this is a blocker, but rather something to make note of.

ACK (but please send the Ubuntu delta to Debian if you haven't already).

I have promoted tomcat7 and jakarta-taglibs-standard to main.