[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#645881: critical update 29 available

On Wed, October 19, 2011 12:50, Sylvestre Ledru wrote:
> CC debian release & security
>
> Le mercredi 19 octobre 2011 à 12:21 +0200, Thijs Kinkhorst a écrit :
>> Upstream has released Java SE 6 update 29 yesterday:
>> http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
>> with security fixes.
>
> Well, that especially means that it is now time to consider the removal
> of sun-java6 from Debian.
>
> We, the distros, are no longer allowed by Oracle to redistribute this
> version [1] [2].
> The OpenJDK (6 or 7) is now the way to go.
>
> About stable, I don't know what the security team would recommend
> here ?!

Well, stable is supposed to be stable. I'm all for removal of sun-java6
from unstable and hence not including it in wheezy, but we've released
stable with the expectations for users that they can run it for its
lifetime without large disruptions. While software has been removed from
stable as a last resort, it really should be the last resort.

Have we been in contact with Oracle upstream and explained that we are
eager to comply with their wish to move entirely to openjdk for our next
release, but have the problem that we have a stable release out in the
field that people rely on? Are there possibilities to extend the offer for
the lifetime of stable, or at least until it becomes oldstable?


cheers,
Thijs
Reply to: