From owner-freebsd-java@freebsd.org Mon Jul 13 15:59:59 2015 Return-Path: Delivered-To: freebsd-java@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8BCE799BF25 for ; Mon, 13 Jul 2015 15:59:59 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 708401CF for ; Mon, 13 Jul 2015 15:59:59 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: by mailman.ysv.freebsd.org (Postfix) id 6D36799BF20; Mon, 13 Jul 2015 15:59:59 +0000 (UTC) Delivered-To: java@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6C9F099BF1F; Mon, 13 Jul 2015 15:59:59 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from mx2.freebsd.org (mx2.freebsd.org [8.8.178.116]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx2.freebsd.org", Issuer "Gandi Standard SSL CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 5ABFD1CE; Mon, 13 Jul 2015 15:59:59 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from hammer.pct.niksun.com (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx2.freebsd.org (Postfix) with ESMTP id D190E2D2B; Mon, 13 Jul 2015 15:59:58 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Message-ID: <55A3E07E.7020300@FreeBSD.org> Date: Mon, 13 Jul 2015 11:59:58 -0400 From: Jung-uk Kim User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0 MIME-Version: 1.0 To: Mark Felder , Xin Li , ports-secteam@FreeBSD.org CC: java@freebsd.org Subject: Re: Eradication of old java References: <1436722739.2838428.321692425.3A1ABDF2@webmail.messagingengine.com> <55A2BB79.6030907@delphij.net> <1436729497.3932791.321743777.380D37FD@webmail.messagingengine.com> <55A3DEBF.1070302@FreeBSD.org> <1436802846.1406670.322470913.69B2C944@webmail.messagingengine.com> In-Reply-To: <1436802846.1406670.322470913.69B2C944@webmail.messagingengine.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-java@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Porting Java to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Jul 2015 15:59:59 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/13/2015 11:54, Mark Felder wrote: > > > On Mon, Jul 13, 2015, at 10:52, Jung-uk Kim wrote: >> On 07/12/2015 15:31, Mark Felder wrote: >>> >>> >>> On Sun, Jul 12, 2015, at 14:09, Xin Li wrote: >>>> >>>> On 7/12/15 10:38, Mark Felder wrote: >>>>> How long before we start to eradicate old java from the >>>>> ports tree? I'm actually in the process of updating a >>>>> couple ports of mine to require Java 1.8 now that it is >>>>> supported, vs 1.6 as users currently are being required to >>>>> use. >>>>> >>>>> Java 6 was EoL last year, Java 7 in April this year. >>>>> >>>>> I'm considering doing a search of the ports tree to gather >>>>> some info and see how many can just have the java >>>>> requirement bumped. >>>> >>>> I think we should move this discussion to -java@ and/or >>>> maintainers -- there is no known security issues and it's >>>> better to give it more public exposure. >>>> >>>> My suggestion would be to deprecate both Java 6 and 7 now >>>> and remove them after a few (3?) months if there is nobody >>>> volunteering to maintain them. >>>> >>>> (IIRC Java 6 have some security settings that e.g. IPMI >>>> console applications require, but I doubt if FreeBSD users >>>> actually use these because such applications usually ships >>>> with some native binary blobs) >>>> >>> >>> Is Java 6 and 7 still receiving updates through OpenJDK >>> upstream? As far as I'm aware they are not, so the next batch >>> of CVEs that come out put those users in a bad position. >>> >>> Can java@ team provide any details? >> >> Both OpenJDK6 and OpenJDK7 are actively maintained. For >> example, there will be OpenJDK6 b36 soon: >> >> https://java.net/jira/browse/OPENJDK6-60 >> >> Jung-uk Kim >> > > So it is only Oracle's non-OpenJDK distribution of Java 6 and Java > 7 that is ceasing public updates? Correct. Jung-uk Kim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVo+B5AAoJEHyflib82/FGXr4H/1NIeeph6cinBHE7/JCGuTbD VuQXElscYN7HXQ+zWbBfE25fLuCrxjmgS/7+UcTMF8xEcIU15kQCP3mC3kWVOxt5 gzt5SwzgU2o2zinWJXfrnpYerdbbkqOf9bKIHVWQLQKZOTcStxAgWAlrKbMX6UCe Ji8Nkz/GN8Pzd7wtQ5PKUNAHoKg69ITTffaiK4xjGUMcLY8t1LJIMBGlJEFBhaqM 9Bw8WHNAwlAM1UDuOO3ANjmznPSjOlQkhSnWHnFyhsdoI78Sr5RuGl6Rh03mvqje H5ftkJbx+sKLgxKdRNWfkB6HpwfUe/8iNJy//Yo3MWNXWly4NSHyvB21yKgz3v8= =Phx1 -----END PGP SIGNATURE-----