Date: Mon, 13 Jul 2015 12:08:28 -0400 From: Jung-uk Kim <jkim@FreeBSD.org> To: Matthias Petermann <matthias@petermann-it.de>, freebsd-java@freebsd.org Subject: Re: Eradication of old java Message-ID: <55A3E27C.1000200@FreeBSD.org> In-Reply-To: <55A347C4.5060302@petermann-it.de> References: <1436722739.2838428.321692425.3A1ABDF2@webmail.messagingengine.com> <55A2BB79.6030907@delphij.net> <1436729497.3932791.321743777.380D37FD@webmail.messagingengine.com> <55A347C4.5060302@petermann-it.de>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/13/2015 01:08, Matthias Petermann wrote: > Hello, > > On 12.07.2015 21:31, Mark Felder wrote: >> >> On Sun, Jul 12, 2015, at 14:09, Xin Li wrote: >>> On 7/12/15 10:38, Mark Felder wrote: >>>> How long before we start to eradicate old java from the ports >>>> tree? I'm actually in the process of updating a couple ports >>>> of mine to require Java 1.8 now that it is supported, vs 1.6 >>>> as users currently are being required to use. >>>> >>>> Java 6 was EoL last year, Java 7 in April this year. >>>> >>>> I'm considering doing a search of the ports tree to gather >>>> some info and see how many can just have the java requirement >>>> bumped. >>> I think we should move this discussion to -java@ and/or >>> maintainers -- there is no known security issues and it's >>> better to give it more public exposure. >>> >>> My suggestion would be to deprecate both Java 6 and 7 now and >>> remove them after a few (3?) months if there is nobody >>> volunteering to maintain them. >>> >>> (IIRC Java 6 have some security settings that e.g. IPMI >>> console applications require, but I doubt if FreeBSD users >>> actually use these because such applications usually ships with >>> some native binary blobs) >>> >> Is Java 6 and 7 still receiving updates through OpenJDK upstream? >> As far as I'm aware they are not, so the next batch of CVEs that >> come out put those users in a bad position. >> >> Can java@ team provide any details? > > It looks like RedHat had taken over stewardship for OpenJDK 6 > [1]and OpenJDK 7 [2]. I did not find a road map there but it can be > assumed that they support it until EOL of their enterprise Linux > distributions RHEL 5 (OpenJDK is the default Java there) and RHEL > 6. Would be interesting to find out where updated sources are > available (and if they maintain the original sources or provide > source code patches or binary patches only?). OpenJDK6 sources are available from here: https://java.net/downloads/openjdk6/ AFAIK, OpenJDK7 does not release source tarballs yet but you can check out from the Mercurial repository. http://hg.openjdk.java.net/jdk7u Jung-uk Kim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVo+J2AAoJEHyflib82/FGCt4H/RnmdtjLVSKyZf0gI8XHb2Hw 6IkEyxBf4tUpr41ZzgZq981wJET/7yzbfUiq01cYw8yl0HgTGuv4GO4faLSAqLEc I4WPR1zLeFlPBIsYiZwwsUDK9X0hG5dtHfPg/rV1Ohktzz9oM4qTNquSPpnoXpvF BGs9OeNwhBY7jILAwW+C2+xpGXlienaR5KNeXefcb7Xq/7vqylD8c0/S9RTK2+am xgNVkIReSWoas75WqH7XvMkOW1yT4Mv9yR0gaBW8MZ4XHqnxEqFv3773w1OmEALA dma64HOofFkxqxA+I5luvPoYrP3zGrTiDs9K2Z9BK4+VrPSokS6JraESlQFp8W8= =lA5z -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55A3E27C.1000200>