Date: Mon, 13 Jul 2015 11:52:31 -0400 From: Jung-uk Kim <jkim@FreeBSD.org> To: Mark Felder <feld@feld.me>, Xin Li <delphij@delphij.net>, ports-secteam@FreeBSD.org Cc: java@freebsd.org Subject: Re: Eradication of old java Message-ID: <55A3DEBF.1070302@FreeBSD.org> In-Reply-To: <1436729497.3932791.321743777.380D37FD@webmail.messagingengine.com> References: <1436722739.2838428.321692425.3A1ABDF2@webmail.messagingengine.com> <55A2BB79.6030907@delphij.net> <1436729497.3932791.321743777.380D37FD@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/12/2015 15:31, Mark Felder wrote: > > > On Sun, Jul 12, 2015, at 14:09, Xin Li wrote: >> >> On 7/12/15 10:38, Mark Felder wrote: >>> How long before we start to eradicate old java from the ports >>> tree? I'm actually in the process of updating a couple ports of >>> mine to require Java 1.8 now that it is supported, vs 1.6 as >>> users currently are being required to use. >>> >>> Java 6 was EoL last year, Java 7 in April this year. >>> >>> I'm considering doing a search of the ports tree to gather >>> some info and see how many can just have the java requirement >>> bumped. >> >> I think we should move this discussion to -java@ and/or >> maintainers -- there is no known security issues and it's better >> to give it more public exposure. >> >> My suggestion would be to deprecate both Java 6 and 7 now and >> remove them after a few (3?) months if there is nobody >> volunteering to maintain them. >> >> (IIRC Java 6 have some security settings that e.g. IPMI console >> applications require, but I doubt if FreeBSD users actually use >> these because such applications usually ships with some native >> binary blobs) >> > > Is Java 6 and 7 still receiving updates through OpenJDK upstream? > As far as I'm aware they are not, so the next batch of CVEs that > come out put those users in a bad position. > > Can java@ team provide any details? Both OpenJDK6 and OpenJDK7 are actively maintained. For example, there will be OpenJDK6 b36 soon: https://java.net/jira/browse/OPENJDK6-60 Jung-uk Kim -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVo964AAoJEHyflib82/FGI3gH/iQvZpWi9A7J2RsnSoug7+r5 3ePT3ruKKeJ3B9h/85rUVx54tsZpw5p+X2tLNi1Fk7TdkPyn9P6SVD0UHytMbmNs /UxVy/P0+SFnA6qXeC18FcKQ8GJ1jfuBtCz9+DbaE1S+mBPHyxdR3zn3Dyf3eLhN dkveONKprS2NxQibvJMKBI/0xOT2YXpl2tZka/SZ61exTG6mTAXY9xm+AJwGJG4x 8TbVucqlYpc6bwMQN70FY8PAgYhqbskFx3+eDGMQTKe+NFqMILxCYw7MB/sQmths hO9wP13ztV61vJhgNUoKIeyZigd8E5RH3FQM1Xg27UMK0Y/O7tt4jNe3JYW6tG0= =GiO4 -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55A3DEBF.1070302>