From owner-freebsd-java@FreeBSD.ORG Sun Mar 13 00:57:14 2011 Return-Path: Delivered-To: freebsd-java@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9FCBB106566B for ; Sun, 13 Mar 2011 00:57:14 +0000 (UTC) (envelope-from rfarmer@predatorlabs.net) Received: from mail-vw0-f54.google.com (mail-vw0-f54.google.com [209.85.212.54]) by mx1.freebsd.org (Postfix) with ESMTP id 4BD788FC0C for ; Sun, 13 Mar 2011 00:57:14 +0000 (UTC) Received: by vws18 with SMTP id 18so1807302vws.13 for ; Sat, 12 Mar 2011 16:57:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=predatorlabs.net; s=google; h=domainkey-signature:mime-version:x-originating-ip:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=FUwXHjbcpYNA8Uz2VILftcGGw0JpzbiK1Y0C+x/hyo8=; b=HTN09bdFdHvhm2PitY55FkEC/PGFop2aSsHsHEMY6pERKUyyM9zrHLytzHpQUoSmeb okN/0hs9FHQVLlK8T4Cl02Vo5danSijN/WxYr9zJ8lr9J9ZGhZg3K7gX31xpjLGMV7u3 Ag9S8/9lg4FnYbg4l4cv/wzgXWi7UosWAq8jE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=predatorlabs.net; s=google; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=bM+2a5I4fnZ35ie9y7ZFmZNxxXFbVEQIdPuOM73/76J9HsRWTpOzThlyuZCYrUDXgO uliRkgb2xeF3imROpbtthp68ISXI6vOb9WXmohegj7ndO+lxAXhbYxGBU2qPCIFg+Wuh V9BWMMXGb2P/L35keS2tBGv8qgGadcdlEaq9Q= MIME-Version: 1.0 Received: by 10.52.67.146 with SMTP id n18mr1417931vdt.232.1299977833472; Sat, 12 Mar 2011 16:57:13 -0800 (PST) Received: by 10.220.192.140 with HTTP; Sat, 12 Mar 2011 16:57:13 -0800 (PST) X-Originating-IP: [128.95.133.76] In-Reply-To: <4d7b9e57.6946340a.3823.46fdSMTPIN_ADDED@mx.google.com> References: <20110310120028.6013310656B0@hub.freebsd.org> <20110310161721.59652106566B@hub.freebsd.org> <4d7b9e57.6946340a.3823.46fdSMTPIN_ADDED@mx.google.com> Date: Sat, 12 Mar 2011 16:57:13 -0800 Message-ID: From: Rob Farmer To: Roger Marquis Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: freebsd-java@freebsd.org Subject: Re: AW: Question Update Java Security Updates X-BeenThere: freebsd-java@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting Java to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Mar 2011 00:57:14 -0000 On Sat, Mar 12, 2011 at 8:24 AM, Roger Marquis wrote: >>> The reason for that is that they haven't been necessary. =A0This cannot= be >>> said for openjdk, not yet at least. >>> >> >> There have been 191 "vulnerabilities" for the lifetime of JDK 1.6, >> according to Secunia. java/jdk16 is at update 4 out of 24. Unless you >> are running only trusted local apps with no networking support, that >> is highly dubious. > > Vulnerability is relative to your application of course. =A0The > "vulnerabilities" you site for JDK have not been relevant to my servers > or apps or most commonly used apps (other than webstart). =A0That cannot = be > said for the Openjdk. > > But equating advisories with vulnerabilities does bring up an important > point, and I expect religious preferences will continue to take > precedence over actual user experience. > > Roger Marquis > If you have info showing that these vulnerabilities are bogus and don't affect most people, please post it. Sun though the issues were important enough to patch and the "important point" it raises is that, for Java, I trust Sun more than you. If mailing list traffic (here, questions, ports) is any indication, most people using Java care about the browser plugin. And the patch 4 plugin is vulnerable to a number of issues. That's not an opinion. The best that can be said is that most exploits will be Windows specific. This change is almost certainly going to happen, sooner or later. There's nothing happening with the old ports. If you have issues with openjdk, it would be in your best interest to raise specific complaints so they can be fixed, rather than make accusations about "religious preferences." --=20 Rob Farmer