Date: Sun, 12 Jul 2015 14:31:37 -0500 From: Mark Felder <feld@feld.me> To: Xin Li <delphij@delphij.net>, ports-secteam@FreeBSD.org Cc: java@freebsd.org Subject: Re: Eradication of old java Message-ID: <1436729497.3932791.321743777.380D37FD@webmail.messagingengine.com> In-Reply-To: <55A2BB79.6030907@delphij.net> References: <1436722739.2838428.321692425.3A1ABDF2@webmail.messagingengine.com> <55A2BB79.6030907@delphij.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Jul 12, 2015, at 14:09, Xin Li wrote: > > On 7/12/15 10:38, Mark Felder wrote: > > How long before we start to eradicate old java from the ports tree? > > I'm actually in the process of updating a couple ports of mine to > > require Java 1.8 now that it is supported, vs 1.6 as users > > currently are being required to use. > > > > Java 6 was EoL last year, Java 7 in April this year. > > > > I'm considering doing a search of the ports tree to gather some > > info and see how many can just have the java requirement bumped. > > I think we should move this discussion to -java@ and/or maintainers -- > there is no known security issues and it's better to give it more > public exposure. > > My suggestion would be to deprecate both Java 6 and 7 now and remove > them after a few (3?) months if there is nobody volunteering to > maintain them. > > (IIRC Java 6 have some security settings that e.g. IPMI console > applications require, but I doubt if FreeBSD users actually use these > because such applications usually ships with some native binary blobs) > Is Java 6 and 7 still receiving updates through OpenJDK upstream? As far as I'm aware they are not, so the next batch of CVEs that come out put those users in a bad position. Can java@ team provide any details?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1436729497.3932791.321743777.380D37FD>