Re: openjdk maintenance for wheezy and squeeze
On 18/02/13 08:01, Sylvestre Ledru wrote:
> On 18/02/2013 07:26, Andreas Kuckartz wrote:
>> My view as a user:
>> [...]
>> Oracle has announced that no more new public updates of Java SE 6 will
>> be made available after February 2013:
>> http://www.oracle.com/technetwork/java/eol-135779.html
> Andrew from RedHat said that OpenJDK will still be maintained after that:
> http://lists.debian.org/debian-java/2013/02/msg00005.html
So it still has upstream (as in OpenJDK) security support. I think the
original rationale behind #675495 may have been a misunderstanding, or
this wasn't known at the time.
> OpenJDK6 therefore should be considered obsolete when Wheezy is released.
I wouldn't use the word 'obsolete' so long as there are packages that
*can* use it... I'd call it 'maintenance only'.
Before deciding the post-wheezy fate of openjdk-6, why not wait, and see
how well things work out over the next few months. Let's see what
security issues affect openjdk-6 vs. openjdk-7. Let's see how Red Hat's
security maintenance for openjdk-6 compares to Oracle's own Java 7 fixes
being pulled into openjdk-7 (in terms of expediency, complexity of
changes, regressions).
For example, if I had some public-facing Java-based service, I would
rather have been running it on openjdk-6 over the past months because it
had fewer security issues and perhaps no regressions caused by fixes.
OTOH some packages may switch to openjdk-7 post-wheezy or ship a new
upstream version that has at least been fixed to be able to use it.
Regards,
--
Steven Chamberlain
steven@pyro.eu.org
Reply to: