Date: Mon, 13 Jul 2015 10:54:06 -0500
From: Mark Felder <feld@feld.me>
To: "Jung-uk Kim" <jkim@FreeBSD.org>, Xin Li <delphij@delphij.net>, ports-secteam@FreeBSD.org
Cc: java@freebsd.org
Subject: Re: Eradication of old java
Message-ID: <1436802846.1406670.322470913.69B2C944@webmail.messagingengine.com>
In-Reply-To: <55A3DEBF.1070302@FreeBSD.org>
References: <1436722739.2838428.321692425.3A1ABDF2@webmail.messagingengine.com> <55A2BB79.6030907@delphij.net> <1436729497.3932791.321743777.380D37FD@webmail.messagingengine.com> <55A3DEBF.1070302@FreeBSD.org>

On Mon, Jul 13, 2015, at 10:52, Jung-uk Kim wrote:
> On 07/12/2015 15:31, Mark Felder wrote:
> >
> >
> > On Sun, Jul 12, 2015, at 14:09, Xin Li wrote:
> >>
> >> On 7/12/15 10:38, Mark Felder wrote:
> >>> How long before we start to eradicate old java from the ports
> >>> tree? I'm actually in the process of updating a couple ports of
> >>> mine to require Java 1.8 now that it is supported, vs 1.6 as
> >>> users currently are being required to use.
> >>>
> >>> Java 6 was EoL last year, Java 7 in April this year.
> >>>
> >>> I'm considering doing a search of the ports tree to gather
> >>> some info and see how many can just have the java requirement
> >>> bumped.
> >>
> >> I think we should move this discussion to -java@ and/or
> >> maintainers -- there are no known security issues and it's better
> >> to give it more public exposure.
> >>
> >> My suggestion would be to deprecate both Java 6 and 7 now and
> >> remove them after a few (3?) months if there is nobody
> >> volunteering to maintain them.
> >>
> >> (IIRC Java 6 has some security settings that e.g. IPMI console
> >> applications require, but I doubt if FreeBSD users actually use
> >> these because such applications usually ship with some native
> >> binary blobs)
> >>
> >
> > Are Java 6 and 7 still receiving updates through OpenJDK upstream?
> > As far as I'm aware they are not, so the next batch of CVEs that
> > come out put those users in a bad position.
> >
> > Can java@ team provide any details?
>
> Both OpenJDK6 and OpenJDK7 are actively maintained. For example,
> there will be OpenJDK6 b36 soon:
>
> https://java.net/jira/browse/OPENJDK6-60
>
> Jung-uk Kim
>

So it is only Oracle's non-OpenJDK distribution of Java 6 and Java 7
that is ceasing public updates?