[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: security support for squeeze?

On Wednesday 10 November 2010 22:08:05 Michael Gilbert wrote:
> > Finally, are there other packages we know have limited security support,
> > and should be mentioned there?
> 
> You may want to mention that openjdk-6 and sun-java-6 don't receive
> security support/updates.  I'm not sure if whether this is a security
> team policy decision, or whether its simply a de facto state due to lack
> of interest. The last DSA for openjdk was in April 2009 even though
> there have been about 100 CVEs issued for it since then.

Florian has been looking into openjdk support so he may have to say something 
about that.

The situation with sun-java-6 is not quite as you describe - although due to 
its non-freeness we've not been able to present updates as DSA's, we have been 
able to have the security releases in the Lenny point releases for a while 
now. I see no reason to continue that into Squeeze. As the status of non-free 
security support is already considered to be known to our users I think we 
need not mention sun-java explicitly in the release notes.


Cheers,
Thijs
Reply to: