Am 12.02.19 um 23:14 schrieb Thomas Finneid: [...] > Is Scala and Sbt the only software that haven't migrated away from > jdk-8? considering how much time and money the entire world has invested > in jdk-8, I think its a bit early to remove it. > > (At work, 70 developers have spent the last half a year migrating our > jdk 8 codebase to upgrade Spring, hibernate etc, so that we can migrate > to java 11. We still havent started the first step (out of 4 steps) of > java 11 migration. I expect that it will be autumn before we actually > see any jdk-11 development. (We have about than 250 systems to migrate > and half of the codebase is shared in business libraries)) > > (From what I can see reagrding security updates in jdk, I seem to > remember that its mostly in the security based classes, such as > certificates and secure classloading, TLS and crypto stuff the bugfixes > comes from) Personally I would like to keep OpenJDK 8 as well but you also have to keep the following points in mind: We are all volunteers in Debian, the vast majority of people don't receive any money for their work. Debian as a distribution has a different point of view than a single developer or a company. When we release Debian 10 in a few months users expect from us that all software works at runtime, can be compiled from source out-of-the-box and complies with the DFSG. OpenJDK 8 will officially reach EOL status within the next two or three years. If you ship two OpenJDKs in Debian, then users will assume that both are supported for the lifecycle of a new release. Suddenly you have to support many different use cases, an application shall work with OpenJDK 11 and OpenJDK 8, everything must be compilable with both JDKs. Remember the Java team alone maintains about 1000 source packages and there are dozens if not hundreds of other software packages in Debian written in Java. This gets even more complicated when you realize that we ship only one version of a library, compiler or application since security updates are handled by a different team of volunteers: Debian's security team. They must be convinced to do the extra work too. You can support such use cases but only if you have a dedicated team that cares about all that long-term. This is much easier for a Java company with employees that work full time on such problems, paid of course.
Attachment:
signature.asc
Description: OpenPGP digital signature