Re: security support for squeeze?
On Wednesday 10 November 2010 22:08:05 Michael Gilbert wrote:
> > Finally, are there other packages we know have limited security support,
> > and should be mentioned there?
> You may want to mention that openjdk-6 and sun-java-6 don't receive
> security support/updates. I'm not sure if whether this is a security
> team policy decision, or whether its simply a de facto state due to lack
> of interest. The last DSA for openjdk was in April 2009 even though
> there have been about 100 CVEs issued for it since then.
Florian has been looking into openjdk support so he may have to say something
The situation with sun-java-6 is not quite as you describe - although due to
its non-freeness we've not been able to present updates as DSA's, we have been
able to have the security releases in the Lenny point releases for a while
now. I see no reason to continue that into Squeeze. As the status of non-free
security support is already considered to be known to our users I think we
need not mention sun-java explicitly in the release notes.