[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: openjdk maintenance for wheezy and squeeze

On 18/02/13 08:01, Sylvestre Ledru wrote:
> On 18/02/2013 07:26, Andreas Kuckartz wrote:
>> My view as a user:
>> [...]
>> Oracle has announced that no more new public updates of Java SE 6 will
>> be made available after February 2013:
>> http://www.oracle.com/technetwork/java/eol-135779.html

> Andrew from RedHat said that OpenJDK will still be maintained after that:
> http://lists.debian.org/debian-java/2013/02/msg00005.html

So it still has upstream (as in OpenJDK) security support.  I think the
original rationale behind #675495 may have been a misunderstanding, or
this wasn't known at the time.

> OpenJDK6 therefore should be considered obsolete when Wheezy is released.

I wouldn't use the word 'obsolete' so long as there are packages that
*can* use it...  I'd call it 'maintenance only'.

Before deciding the post-wheezy fate of openjdk-6, why not wait, and see
how well things work out over the next few months.  Let's see what
security issues affect openjdk-6 vs. openjdk-7.  Let's see how Red Hat's
security maintenance for openjdk-6 compares to Oracle's own Java 7 fixes
being pulled into openjdk-7 (in terms of expediency, complexity of
changes, regressions).

For example, if I had some public-facing Java-based service, I would
rather have been running it on openjdk-6 over the past months because it
had fewer security issues and perhaps no regressions caused by fixes.

OTOH some packages may switch to openjdk-7 post-wheezy or ship a new
upstream version that has at least been fixed to be able to use it.

Steven Chamberlain

Reply to: