From owner-freebsd-java@FreeBSD.ORG Sun Jan 5 06:15:59 2014 Return-Path: Delivered-To: freebsd-java@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E22CC335 for ; Sun, 5 Jan 2014 06:15:59 +0000 (UTC) Received: from sam.nabble.com (sam.nabble.com [216.139.236.26]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id C15071448 for ; Sun, 5 Jan 2014 06:15:59 +0000 (UTC) Received: from [192.168.236.26] (helo=sam.nabble.com) by sam.nabble.com with esmtp (Exim 4.72) (envelope-from ) id 1Vzh05-0007dh-EX for freebsd-java@freebsd.org; Sat, 04 Jan 2014 22:15:53 -0800 Date: Sat, 4 Jan 2014 22:15:53 -0800 (PST) From: ari To: freebsd-java@freebsd.org Message-ID: <1388902553441-5873886.post@n5.nabble.com> In-Reply-To: <20140105041919.GA57795@misty.eyesbeyond.com> References: <21189.33585.949509.38005@jerusalem.litteratus.org> <52C58E85.8030501@freebsd.org> <1388798626990-5873612.post@n5.nabble.com> <52C7E24A.6010902@FreeBSD.org> <20140105041919.GA57795@misty.eyesbeyond.com> Subject: Re: open jdk7 marked "FORBIDDEN" MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-java@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Porting Java to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jan 2014 06:15:59 -0000 >"Safe" being a relative term since typically the updated Java version will >contain security fixes as well. I didn't enumerate all the security fixes >between 7u25 and 7u45 when doing the update, but I'm pretty certain it was >not a list of zero length. > I realise this potentially puts people in a poor situation. I'd > definitely > recommend running 7u45 if you can, and in particular please run 7.45.18_1, > since the initial 7.45.18 update didn't pick up changes to how the > unlimited > strength security policies were installed. Hi Greg, Thanks for this information. However in my predicament, I'm happier running 7u25 since at least the security fixes are well documented and I can read and evaluate whether any bugs are likely to affect me. With 7u45 all I know is that in some situations, on all 'released' versions of FreeBSD, the kernel will panic. But I have nothing to go by to understand whether this problem might affect me. "If you can" doesn't have a concrete answer unless I know what to look for or how to exercise my systems to reproduce the fault. I've read the svn commits, but don't understand enough about kernel programming to understand what I'm looking at. I see this puts you in a difficult position though since the FreeBSD ports tree isn't sophisticated enough to know to install 7u25 on some versions of FreeBSD and 7u45 on others. But at some point the 'forbidden' flag will have to be removed and people on vulnerable OS versions will have problems unless the JDK itself can be patched to avoid it. Do you have an estimated timeframe on the next steps or the release of more detailed information? Cheers Ari -- View this message in context: http://freebsd.1045724.n5.nabble.com/open-jdk7-marked-FORBIDDEN-tp5873171p5873886.html Sent from the freebsd-java mailing list archive at Nabble.com.