tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mladen Turk <>
Subject Re: Removing the examples (JSP/servlet) in TC Binaries
Date Mon, 09 Jul 2007 17:32:55 GMT
jean-frederic clere wrote:
> Hi,
> The examples (servlet and JSP) have caused a list of security issues.
> I think we should remove them from the Tomcat binary packages (6.0 and 
> 5.x at least).
> Any comments?

If the examples are broken, then we have serious problems,
either with examples or with the release itself.

The sole purpose of examples should be that the they
*must* work and that random user can use them as start
point for his code.

However, the packaging is irrelevant, and I would
prefer to have them separate from the main distribution.
IMHO that would give the clear message to our users
that examples are what they are; 'just examples', and
as such should not be part of the main binary distribution.

So, having separate 'examples' package would probably
be much better compared with the one that we have
right now, although not sure for a 5.5.x, because
of presumed content from previous releases.

Of course, beside adding apache-tomcat-6.0.xx-examples.tar.gz
we can comment out the examples from the config.

So, in essence +1 to your proposal (at least for 6.0)
IMO it makes sense, and breaks nothing.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message