Re: sun-java6-plugin outdated and vulnerable to an actively exploited security issue

[Jason Fergus <leech@thefnords.org>]

On Thu, 2012-08-16 at 12:09 +0200, Erwan David wrote:
> On Thu, Aug 16, 2012 at 11:37:09AM CEST, Thijs Kinkhorst <thijs@debian.org> said:
> > Hi Adam,
> > 
> > On Thu, August 16, 2012 07:56, echo083 wrote:
> > > The sun-java6 in the stable branch is the version 1.6.0_26 is there a
> > > plan for any security upgrade ?
> > 
> > I'm afraid that's not possible. Oracle has changed licensing such that
> > it's no longer allowed for Debian to distribute newer versions. There's
> > somewhat more detail in http://www.debian.org/News/weekly/2011/15/#javarm
> > 
> > It is advised to switch to openjdk-6 instead.
> > 
> > Cheers,
> > Thijs
> 
> I might do this when every java application I need to use is compatible with it...
> Meanwhile some do not work...
> 
> 

Is it plausible to get openjdk7 backported to squeeze as a security
measure in this regard?  It sure seems to be more closely based to what
oracle is now putting out.  Well there are some programs that apparently
refuse to work with Java7 altogether, but I'd say that's the programmers
fault.  I know where I work there have been issues with that.  But at
least openjdk7 seems to be getting updated along with Oracle's Java7.