Florian Weimer wrote:
* Matthias Klose:So, we are late with OpenJDK for lenny. I still think lenny would benefit from having OpenJDK. I'm proposing the following steps, realizing that not all of them probably can be realized.Is there upstream security support for OpenJDK 6? I'm asking because the DLJ stuff used to lag quite a bit.
FWIW I've been working to make sure the DLJ bundles gets published more in line with the regular bundles. I took over DLJ in Jan/Feb when Tom went off to greener pastures.
If you need to know details about the security fix releases I can get a statement from one of the guys directly involved. The model we're moving to (have moved to) is to synchronize security fix releases across all the JDK release channels we have. We're still releasing JDK's back to 1.3.1 (for some reason). Each synchronized security release involves simultaneous release of all current binary JDK bundles as well as OpenJDK 6/7 source releases of the same bug fixes. For OpenJDK there is some kind of behind the scenes source handshaking as (I think) is common among open source projects and if you want to know more either I or Dalibor could get the information to you. We of course don't want to release source for a security fix until the matching binary JDK build has been released.
OpenJDK 6 b 11 was the matching synchronized security release
The matching DLJ bundle, 5.0u17 and 6u7, was published within a couple hours of the normal (non-DLJ) bundles. This was much better than the release lag for earlier DLJ bundle releases (heavy sigh).
- David Herron