Re: OpenJDK for lenny
On Mon, 2008-07-28 at 15:34 -0700, David Herron wrote:
> Each synchronized security release involves simultaneous release of
> all current binary JDK bundles as well as OpenJDK 6/7 source releases
> of the same bug fixes. For OpenJDK there is some kind of behind the
> scenes source handshaking as (I think) is common among open source
> projects and if you want to know more either I or Dalibor could get
> the information to you. We of course don't want to release source for
> a security fix until the matching binary JDK build has been released.
> OpenJDK 6 b 11 was the matching synchronized security release
And the security fixes were released and incorporated into icedtea
several days before the b11 code drop by Lillian:
So in principle we can turn around pretty fast. As soon as the source
code for any fixes are available, we don't have to wait for any drops to
get the security holes resolved for the distros immediately.