Date: Sat, 12 Mar 2011 08:24:53 -0800 (PST) From: Roger Marquis <marquis@roble.com> To: Rob Farmer <rfarmer@predatorlabs.net> Cc: freebsd-java@freebsd.org Subject: Re: AW: Question Update Java Security Updates Message-ID: <20110312162454.9790E106566C@hub.freebsd.org> In-Reply-To: <AANLkTikk7jyNnw1nS7K4jgCXpSeZ0oUMVZ1VyO-N9mMJ@mail.gmail.com> References: <20110310120028.6013310656B0@hub.freebsd.org> <20110310161721.59652106566B@hub.freebsd.org> <AANLkTikk7jyNnw1nS7K4jgCXpSeZ0oUMVZ1VyO-N9mMJ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>> The reason for that is that they haven't been necessary. This cannot be >> said for openjdk, not yet at least. >> > > There have been 191 "vulnerabilities" for the lifetime of JDK 1.6, > according to Secunia. java/jdk16 is at update 4 out of 24. Unless you > are running only trusted local apps with no networking support, that > is highly dubious. Vulnerability is relative to your application of course. The "vulnerabilities" you site for JDK have not been relevant to my servers or apps or most commonly used apps (other than webstart). That cannot be said for the Openjdk. But equating advisories with vulnerabilities does bring up an important point, and I expect religious preferences will continue to take precedence over actual user experience. Roger Marquis
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110312162454.9790E106566C>